
Safe Mode boot only, OTL log post per garmanma


35 replies to this topic

#1 FerretLaw


  • Members
  • 120 posts
  • Gender:Female

Posted 28 February 2010 - 04:07 PM

Installed a program a few days ago and received a Paladin security program warning. Took steps to remove the virus with no luck and the situation worsened. No anti-virus programs would work. Currently, the computer will only boot into safe mode, with and without networking. Any other mode results in a blue screen crash.
Google redirects every link. Search links can be accessed by inputting the address directly into the address bar. However, I receive a "server cannot be located" internet error message at every attempt to access any website that has anti-virus software (such as MBAM, Spybot, etc.) or is a virus forum (here & at Malwarebytes).
Am borrowing a mac to access this forum and to download programs onto a flash drive to transfer to the infected laptop.

The only virus-related programs that will work are: rKill & ATF Cleaner
Programs that will not work:
MBAM (used every troubleshooter and advice from this forum); Spybot; SuperAntiSpyware; AdAware; Avast!; SmitFraudFix; zbotkiller; TFC; ESET; DDS; GMER; defogger; Combofix
I haven't been able to get DrWebCureIt to download onto a flash drive from the mac I'm borrowing even though I could do with other programs.
I receive error messages that registry changes are denied by system administrator policies.
I've followed directions to change the BIOS settings to allow boot from a CD but the burned CD will not work. I've put a DVD in and can see the files although video won't open.

Here is the OTL log I was able to get. There was only this one after two attempts; no other log or report appeared, even minimized.

OTL logfile created on: 2/28/2010 3:41:07 PM - Run 5
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Becky\Desktop\Utilities\antivirus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 19.03 Gb Free Space | 27.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 567.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 11:25:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Becky\Desktop\Utilities\antivirus\OTL.exe
PRC - [2009/04/25 00:27:50 | 00,636,088 | --S- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\system32\neniweja.dll
MOD - [2010/01/17 11:25:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Becky\Desktop\Utilities\antivirus\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/04/13 19:11:56 | 00,053,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2007/10/25 17:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 13:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/03 23:03:10 | 00,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/30 17:00:50 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 16:55:18 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 16:49:34 | 00,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/23 00:43:46 | 00,372,809 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/23 00:40:54 | 00,086,016 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/07/23 00:40:16 | 00,139,264 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/05/20 19:41:42 | 00,153,600 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/12 01:13:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/03/29 21:04:02 | 01,847,296 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/03/04 17:33:26 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/03/04 17:33:24 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/03/04 17:33:24 | 00,118,784 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/03/04 17:33:20 | 00,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/02/10 15:44:04 | 00,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 08:43:58 | 00,143,360 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2005/01/14 18:26:56 | 00,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/01/14 18:21:32 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/01/14 18:20:14 | 00,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/10/23 05:16:36 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/09/16 17:50:18 | 00,061,440 | ---- | M] (KYOCERA MITA CORPORATION) [Auto | Stopped] -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)
SRV - [2003/08/28 03:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/28 01:28:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/28 15:31:17 | 00,791,552 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\eoipvhmx.sys -- (eoipvhmx)
DRV - [2010/02/11 13:42:34 | 00,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 00,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 00,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:34 | 00,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 13:38:23 | 00,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:38:07 | 00,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/15 15:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/06/27 10:00:10 | 00,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 19:11:56 | 00,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\fmfdisk.sys -- (fmfdisk)
DRV - [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/23 16:26:34 | 00,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/06/02 07:16:58 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/12/24 11:03:25 | 00,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/10/16 07:00:00 | 00,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/07/23 01:02:44 | 00,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 23:14:02 | 03,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/04/12 01:13:00 | 03,299,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/02/22 20:01:46 | 00,807,742 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/07 03:01:40 | 00,052,736 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/12/27 02:35:26 | 00,007,424 | ---- | M] (JuneFabrics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2004/11/03 21:15:00 | 02,301,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/08 14:37:10 | 00,161,024 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/09/08 14:36:54 | 00,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/08 14:36:20 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/19 15:25:24 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/09/29 15:31:38 | 00,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/13 03:27:00 | 00,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2003/06/18 19:12:50 | 00,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/05 19:18:02 | 00,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 22:15:08 | 00,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/search?q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/search?q=


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\S-1-5-21-122374490-3495641759-4196105982-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.5

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 15:39:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/17 23:48:47 | 00,000,000 | ---D | M]

[2010/02/23 15:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/26 19:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8ecd4w8.default\extensions
[2010/02/23 15:45:57 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8ecd4w8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/23 15:45:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/14 23:13:50 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/21 22:20:14 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/02/03 21:46:44 | 00,377,780 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13044 more lines...
O2 - BHO: (C:\WINDOWS\system32\sjoab.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\sjoab.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-122374490-3495641759-4196105982-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-122374490-3495641759-4196105982-500..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Administrator\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\S-1-5-21-122374490-3495641759-4196105982-500..\Run: [Remote System Protection] C:\WINDOWS\System32\sjoab.DLL ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1265565561750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1265565544421 (MUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: PUFLITE http://www.kernproperty.com/ColpaControls/...rol/PUFLITE.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.18,93.188.161.35
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (neniweja.dll) - C:\WINDOWS\System32\neniweja.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\sjoab.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/18 15:26:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
[2010/02/24 12:51:46 | 00,043,520 | ---- | C] (Rox) -- C:\WINDOWS\System32\cfxfbnhad4.dll
[2010/02/24 12:43:41 | 02,723,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\vcredist_x86.exe
[2010/02/24 12:27:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/24 12:17:59 | 16,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586-s.exe
[2010/02/24 12:17:22 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/02/24 12:16:56 | 97,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/02/24 11:27:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/24 11:27:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/24 11:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/24 11:26:12 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\MWB setup.exe
[2010/02/24 11:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/02/24 10:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/02/23 17:08:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/23 16:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\comcasttb
[2010/02/23 16:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2010/02/23 16:29:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
[2010/02/23 16:15:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/02/23 16:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/02/23 16:08:58 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/02/23 15:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/02/23 15:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/02/23 15:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/02/23 15:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/02/23 15:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/02/23 15:12:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/02/23 15:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/02/23 15:08:51 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/02/23 15:08:24 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/02/23 15:08:24 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/02/23 15:08:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/02/23 15:08:23 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/02/23 15:08:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/02/23 15:08:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/02/23 14:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\YouSendIt
[2010/02/23 14:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/23 14:20:45 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/23 14:20:44 | 00,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/23 14:20:36 | 00,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/23 14:20:34 | 00,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/23 14:20:30 | 00,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/23 14:20:30 | 00,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/23 14:20:29 | 00,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/23 14:17:56 | 00,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/23 14:17:56 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/23 14:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/23 14:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/23 13:50:08 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/02/23 13:50:08 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/02/23 13:50:08 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/02/23 13:50:08 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/23 13:50:08 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/23 13:50:07 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/23 13:50:07 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/23 13:50:07 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/23 13:50:07 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/23 13:50:07 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/23 13:50:07 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/23 12:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/23 12:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/15 17:26:11 | 00,012,928 | ---- | C] (Bo Brantén) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2010/02/15 17:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\WinImage
[2010/02/09 17:24:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/07 16:28:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/07 16:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/07 12:59:48 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/01/07 01:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/30 00:14:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/12 09:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/12/12 09:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/12/11 15:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/07/05 17:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/21 10:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/18 19:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/20 22:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/05/23 00:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/28 12:22:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/12/06 09:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2005/03/18 15:30:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
[2099/01/01 12:00:00 | 00,071,168 | -HS- | M] () -- C:\WINDOWS\System32\tegavipo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\reforola.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\nipiluti.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\neniweja.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dotuluje.dll
[2010/02/28 15:43:42 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kivajisa
[2010/02/28 15:33:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 15:31:17 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\eoipvhmx.sys
[2010/02/27 16:54:27 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/27 16:54:26 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/27 16:48:33 | 00,017,548 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 20:16:30 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\8ixnvmc5.exe
[2010/02/26 20:16:04 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/26 20:15:24 | 00,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/26 19:41:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 19:41:51 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/26 19:39:56 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/24 13:27:09 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 13:27:09 | 00,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/24 12:53:46 | 00,164,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/24 12:51:46 | 00,043,520 | ---- | M] (Rox) -- C:\WINDOWS\System32\cfxfbnhad4.dll
[2010/02/24 12:51:46 | 00,003,566 | ---- | M] () -- C:\WINDOWS\System32\kafenc
[2010/02/24 12:44:16 | 02,723,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\vcredist_x86.exe
[2010/02/24 12:30:28 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to renamed start file.lnk
[2010/02/24 12:28:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/02/24 12:06:20 | 16,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586-s.exe
[2010/02/24 11:54:24 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/24 11:53:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/02/24 11:52:22 | 97,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/02/24 11:51:16 | 07,757,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/24 11:48:52 | 03,870,269 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/02/24 11:22:08 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/02/24 11:21:09 | 00,001,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to m_b_a_m_-_c_l_e_a_n.lnk
[2010/02/24 11:20:56 | 00,002,855 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to r_k_i_l_l.pif
[2010/02/24 11:14:02 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\MWB setup.exe
[2010/02/23 15:03:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 15:00:00 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\rqkcdeyu.job
[2010/02/23 14:42:52 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 14:42:52 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2010/02/23 14:42:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/23 14:39:46 | 00,116,003 | ---- | M] () -- C:\WINDOWS\System32\virus-list
[2010/02/23 14:39:46 | 00,088,191 | ---- | M] () -- C:\WINDOWS\System32\reg-list.reg
[2010/02/23 14:39:45 | 00,000,029 | ---- | M] () -- C:\WINDOWS\System32\cur-version
[2010/02/23 14:35:13 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 14:23:23 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/23 14:20:31 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 13:50:44 | 00,002,526 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/23 12:04:27 | 00,000,480 | ---- | M] () -- C:\WINDOWS\Shortcut to clock.lnk
[2010/02/23 11:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/23 10:22:58 | 00,004,716 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010/02/23 09:58:02 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
[2010/02/23 09:58:01 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
[2010/02/23 09:57:59 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
[2010/02/23 09:57:57 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
[2010/02/23 09:57:57 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\_VOIDyepbgmxren.dll
[2010/02/23 09:56:35 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010/02/23 09:56:19 | 00,020,000 | ---- | M] () -- C:\WINDOWS\System32\sjoab.dll
[2010/02/23 09:56:18 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/23 08:25:40 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/22 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 17:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/19 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 10:27:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/11 13:53:57 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 00,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 00,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 00,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 00,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 00,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 00,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 00,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/07 22:15:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Nancy Drew 2 Stay Tuned for Danger.INI
[2010/02/07 13:22:28 | 00,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/07 13:22:28 | 00,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/07 13:22:27 | 00,443,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/03 21:46:44 | 00,377,780 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/03 18:46:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,071,168 | -HS- | C] () -- C:\WINDOWS\System32\tegavipo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | C] () -- C:\WINDOWS\System32\reforola.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | C] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\nipiluti.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\neniweja.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\dotuluje.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kivajisa
[2010/02/26 20:35:27 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\8ixnvmc5.exe
[2010/02/26 20:31:38 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/26 20:27:01 | 00,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/24 12:51:46 | 00,003,566 | ---- | C] () -- C:\WINDOWS\System32\kafenc
[2010/02/24 12:30:28 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to renamed start file.lnk
[2010/02/24 12:28:05 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/02/24 12:17:59 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/24 12:17:55 | 03,870,269 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/02/24 12:17:36 | 07,757,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/24 11:21:09 | 00,001,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to m_b_a_m_-_c_l_e_a_n.lnk
[2010/02/24 11:20:56 | 00,002,855 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to r_k_i_l_l.pif
[2010/02/23 15:08:23 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/23 15:08:21 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/23 14:39:51 | 00,116,003 | ---- | C] () -- C:\WINDOWS\System32\virus-list
[2010/02/23 14:39:51 | 00,088,191 | ---- | C] () -- C:\WINDOWS\System32\reg-list.reg
[2010/02/23 14:39:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\cur-version
[2010/02/23 13:50:44 | 00,002,526 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/23 13:50:07 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/02/23 13:50:07 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/23 13:50:07 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/23 12:13:35 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/23 12:04:27 | 00,000,480 | ---- | C] () -- C:\WINDOWS\Shortcut to clock.lnk
[2010/02/23 10:05:13 | 00,004,716 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010/02/23 09:59:54 | 00,000,294 | ---- | C] () -- C:\WINDOWS\tasks\rqkcdeyu.job
[2010/02/23 09:59:10 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/23 09:58:11 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/23 09:58:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
[2010/02/23 09:57:59 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
[2010/02/23 09:57:57 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
[2010/02/23 09:57:57 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\_VOIDyepbgmxren.dll
[2010/02/23 09:57:57 | 00,000,248 | ---- | C] () -- C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
[2010/02/23 09:57:06 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msa.exe
[2010/02/23 09:56:51 | 00,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\eoipvhmx.sys
[2010/02/23 09:56:51 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/23 09:56:45 | 00,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 09:56:19 | 00,020,000 | ---- | C] () -- C:\WINDOWS\System32\sjoab.dll
[2010/02/23 09:56:18 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/07 22:15:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Nancy Drew 2 Stay Tuned for Danger.INI
[2010/02/03 18:46:16 | 00,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2010/01/17 22:02:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/12/31 00:55:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/12/26 15:18:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/10/03 23:27:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/01/14 01:58:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/08/22 11:15:53 | 00,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/25 12:37:17 | 00,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/06/30 13:06:19 | 00,000,066 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2008/06/27 12:30:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Stg.INI
[2008/05/30 18:31:40 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbacoin.ini
[2008/05/30 18:28:17 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBALCNP.DLL
[2008/04/20 07:55:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/04/08 22:46:41 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/08 22:46:41 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/28 00:22:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/06/15 01:14:51 | 00,006,449 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/05/18 17:32:53 | 00,000,148 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2007/04/10 09:50:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/07/17 23:17:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/05/09 12:37:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2006/04/14 09:57:28 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/01/10 13:41:42 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2006/01/10 13:41:23 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/01/10 13:41:22 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/01/10 13:41:21 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/01/09 15:59:28 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2006/01/09 11:01:49 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2006/01/09 11:01:46 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2005/12/26 14:46:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/11/15 23:38:00 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/11/11 18:06:21 | 00,000,031 | ---- | C] () -- C:\WINDOWS\FP3D.INI
[2005/11/10 04:48:25 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/11/10 04:42:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 04:42:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 04:42:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 04:42:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 04:42:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 04:42:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 04:41:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 04:33:34 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/03/18 16:45:45 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/18 16:37:56 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/03/18 16:28:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/03/18 15:32:42 | 00,000,902 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/18 14:09:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/03/18 14:09:13 | 00,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/18 14:08:39 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2005/03/18 14:08:39 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\fmfdisk.sys
[2003/03/19 21:14:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 16:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/07 05:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C82AA2E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE36080E
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC4AD9C5
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DC301B6
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E473FF1
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C3D1E1C
@Alternate Data Stream - 250 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4829D27E
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C6A9B00
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC2932DB
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A6265A
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A14D0C2
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AC1B5
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D251621C
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5200349E
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4486E16
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD086960
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:377CCC31
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFA2B66
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1FD1FC6
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3D0CDFE
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A71BB9C
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94087FB2
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887C125E
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9046031
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:600A385A
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8761CC9
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708561A8
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C340A64
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C580FF00
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD1485FF
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DAC3B29
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6719B11A
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FEE4959
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53ABB239
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39F1E9F9
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2702B06F
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFB3DBB6
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71392222
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B211CA64
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:299868C8
< End of report >
File not found -- C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
[2099/01/01 12:00:00 | 00,071,168 | -HS- | M] () -- C:\WINDOWS\System32\tegavipo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\reforola.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\nipiluti.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\neniweja.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dotuluje.dll
[2010/02/28 15:43:42 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kivajisa
[2010/02/28 15:33:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 15:31:17 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\eoipvhmx.sys
[2010/02/27 16:54:27 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/27 16:54:26 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/27 16:48:33 | 00,017,548 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 20:16:30 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\8ixnvmc5.exe
[2010/02/26 20:16:04 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/26 20:15:24 | 00,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/26 19:57:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/02/26 19:57:28 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/26 19:43:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/02/26 19:41:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 19:41:51 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/26 19:39:56 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/24 13:27:09 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 13:27:09 | 00,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/24 12:53:46 | 00,164,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/24 12:51:46 | 00,043,520 | ---- | M] (Rox) -- C:\WINDOWS\System32\cfxfbnhad4.dll
[2010/02/24 12:51:46 | 00,003,566 | ---- | M] () -- C:\WINDOWS\System32\kafenc
[2010/02/24 12:44:16 | 02,723,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\vcredist_x86.exe
[2010/02/24 12:30:28 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to renamed start file.lnk
[2010/02/24 12:30:10 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/24 12:28:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/02/24 12:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/24 12:06:20 | 16,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586-s.exe
[2010/02/24 11:54:24 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/24 11:53:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/02/24 11:52:22 | 97,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/02/24 11:51:16 | 07,757,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/24 11:48:52 | 03,870,269 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/02/24 11:22:08 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/02/24 11:21:09 | 00,001,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to m_b_a_m_-_c_l_e_a_n.lnk
[2010/02/24 11:20:56 | 00,002,855 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to r_k_i_l_l.pif
[2010/02/24 11:14:02 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\MWB setup.exe
[2010/02/24 10:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/02/23 17:08:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/23 16:41:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\comcasttb
[2010/02/23 16:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2010/02/23 16:29:25 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\scanner
[2010/02/23 16:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/02/23 15:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/02/23 15:48:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/02/23 15:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/02/23 15:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/02/23 15:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/02/23 15:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/02/23 15:38:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/02/23 15:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/02/23 15:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/02/23 15:03:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 15:00:00 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\rqkcdeyu.job
[2010/02/23 14:47:51 | 00,000,000 | ---D | M] -- C:\Program Files\YouSendIt
[2010/02/23 14:42:52 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 14:42:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/23 14:39:46 | 00,116,003 | ---- | M] () -- C:\WINDOWS\System32\virus-list
[2010/02/23 14:39:46 | 00,088,191 | ---- | M] () -- C:\WINDOWS\System32\reg-list.reg
[2010/02/23 14:39:45 | 00,000,029 | ---- | M] () -- C:\WINDOWS\System32\cur-version
[2010/02/23 14:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/23 14:35:13 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 14:23:23 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/23 14:20:31 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 14:17:42 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/02/23 14:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/23 13:50:44 | 00,002,526 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/23 13:49:09 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/02/23 13:49:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/02/23 13:49:06 | 00,000,000 | ---D | M] -- C:\Program Files\palmOne
[2010/02/23 13:49:01 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2010/02/23 13:49:00 | 00,000,000 | ---D | M] -- C:\Program Files\ABC Amber Text2Image Converter
[2010/02/23 13:48:57 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/02/23 13:48:44 | 00,000,000 | ---D | M] -- C:\Program Files\AC Tool
[2010/02/23 13:48:43 | 00,000,000 | ---D | M] -- C:\Program Files\ACS
[2010/02/23 13:48:38 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/02/23 13:48:37 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/23 12:58:46 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/02/23 12:46:25 | 00,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2010/02/23 12:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/23 12:04:27 | 00,000,480 | ---- | M] () -- C:\WINDOWS\Shortcut to clock.lnk
[2010/02/23 11:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/23 10:22:58 | 00,004,716 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010/02/23 09:58:02 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
[2010/02/23 09:58:01 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
[2010/02/23 09:57:59 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
[2010/02/23 09:57:57 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
[2010/02/23 09:57:57 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\_VOIDyepbgmxren.dll
[2010/02/23 09:56:35 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010/02/23 09:56:19 | 00,020,000 | ---- | M] () -- C:\WINDOWS\System32\sjoab.dll
[2010/02/23 09:56:18 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/23 08:25:40 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/22 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 17:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/19 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 18:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/15 17:50:35 | 00,000,000 | ---D | M] -- C:\Program Files\Nancy Drew
[2010/02/15 17:25:51 | 00,000,000 | ---D | M] -- C:\Program Files\WinImage
[2010/02/15 10:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/15 10:30:03 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/15 10:28:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/15 10:27:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/11 13:53:57 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 00,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 00,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 00,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 00,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 00,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 00,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 00,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/09 17:24:34 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/02/07 22:15:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Nancy Drew 2 Stay Tuned for Danger.INI
[2010/02/07 16:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/02/07 16:28:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/07 13:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/02/07 13:39:20 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/02/07 13:39:15 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/02/07 13:22:28 | 00,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/07 13:22:28 | 00,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/07 13:22:27 | 00,443,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/03 21:46:44 | 00,377,780 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/03 18:46:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2010/02/02 14:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2010/01/07 01:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/30 00:14:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/12 09:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/12/12 09:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/12/11 15:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/07/05 17:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/21 10:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/18 19:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/20 22:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/05/23 00:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/28 12:22:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/06/21 23:34:33 | 00,006,449 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/06 09:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2005/03/18 15:30:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/03/18 07:16:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/03/18 07:16:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
[2099/01/01 12:00:00 | 00,071,168 | -HS- | M] () -- C:\WINDOWS\System32\tegavipo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\reforola.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\nipiluti.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\neniweja.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dotuluje.dll
[2010/02/28 15:43:42 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kivajisa
[2010/02/28 15:33:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 15:31:17 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\eoipvhmx.sys
[2010/02/27 16:54:27 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/27 16:54:26 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/27 16:48:33 | 00,017,548 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 20:16:30 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\8ixnvmc5.exe
[2010/02/26 20:16:04 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/26 20:15:24 | 00,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/26 19:41:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 19:41:51 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/26 19:39:56 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/24 13:27:09 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 13:27:09 | 00,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/24 12:53:46 | 00,164,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/24 12:51:46 | 00,043,520 | ---- | M] (Rox) -- C:\WINDOWS\System32\cfxfbnhad4.dll
[2010/02/24 12:51:46 | 00,003,566 | ---- | M] () -- C:\WINDOWS\System32\kafenc
[2010/02/24 12:44:16 | 02,723,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\vcredist_x86.exe
[2010/02/24 12:30:28 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to renamed start file.lnk
[2010/02/24 12:28:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/02/24 12:06:20 | 16,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586-s.exe
[2010/02/24 11:54:24 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/24 11:53:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/02/24 11:52:22 | 97,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/02/24 11:51:16 | 07,757,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/24 11:48:52 | 03,870,269 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/02/24 11:22:08 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/02/24 11:21:09 | 00,001,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to m_b_a_m_-_c_l_e_a_n.lnk
[2010/02/24 11:20:56 | 00,002,855 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to r_k_i_l_l.pif
[2010/02/24 11:14:02 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\MWB setup.exe
[2010/02/23 15:03:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 15:00:00 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\rqkcdeyu.job
[2010/02/23 14:42:52 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 14:42:52 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2010/02/23 14:42:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/23 14:39:46 | 00,116,003 | ---- | M] () -- C:\WINDOWS\System32\virus-list
[2010/02/23 14:39:46 | 00,088,191 | ---- | M] () -- C:\WINDOWS\System32\reg-list.reg
[2010/02/23 14:39:45 | 00,000,029 | ---- | M] () -- C:\WINDOWS\System32\cur-version
[2010/02/23 14:35:13 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 14:23:23 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/23 14:20:31 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 13:50:44 | 00,002,526 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/23 12:04:27 | 00,000,480 | ---- | M] () -- C:\WINDOWS\Shortcut to clock.lnk
[2010/02/23 11:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/23 10:22:58 | 00,004,716 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010/02/23 09:58:02 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
[2010/02/23 09:58:01 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
[2010/02/23 09:57:59 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
[2010/02/23 09:57:57 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
[2010/02/23 09:57:57 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\_VOIDyepbgmxren.dll
[2010/02/23 09:56:35 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010/02/23 09:56:19 | 00,020,000 | ---- | M] () -- C:\WINDOWS\System32\sjoab.dll
[2010/02/23 09:56:18 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/23 08:25:40 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/22 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 17:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/19 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 10:27:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/11 13:53:57 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 00,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 00,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 00,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 00,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 00,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 00,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 00,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/07 22:15:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Nancy Drew 2 Stay Tuned for Danger.INI
[2010/02/07 13:22:28 | 00,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/07 13:22:28 | 00,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/07 13:22:27 | 00,443,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/03 21:46:44 | 00,377,780 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/03 18:46:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:837546C7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23B59626
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:904251FD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C903BC
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:521B9AFB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFD2D4A7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39B8AFB6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351CE410
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04B9B70F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAA01E60
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E650B916
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0F20CD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12FF3F2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DB8926F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:285C9104
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A2BA27
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31BF83C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67ED88CE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5307D463
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D34CFF71
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:015DC393

< End of report >


Edited by garmanma, 28 February 2010 - 06:24 PM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:51 PM

Posted 03 March 2010 - 07:55 AM

Hi FerretLaw,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please update me about the current condition of your computer and the options we have to clean it: for example, whether you are still able to boot to Safe Mode with Networking, whether you can use a flash drive, whether you have been able to run another tool, etc.

Your computer is heavily infected with all kinds of malware and it will take some effort to clean it. Our first aim is to get to normal mode again.
  1. Disable Windows automatic update for now until we are done and the computer is clean.

  2. Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

    Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    CODE
    @echo off
    mbr.exe -t
    sc query type= driver group= "SCSI Miniport" > Log.txt
    type mbr.log >>log.txt
    Start Log.txt
    del %0

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: dirlook.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • A Notepad window opens; copy and paste its content (mbr.log) into your reply.

  3. Please run OTL
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Set Extra Registry to All.
    • Set Standard Registry to SafeList.
    • Copy and paste or type the following in the Custom Scans/Fixes:
      atapi.sys /md5
      iastor.sys /md5
    • Click Run Scan button.
    • Two reports will open, copy and paste OTL.txt and attach Extra.txt to your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
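The two reports requested above are read by eye, and the things a helper looks for first are easy to state as rules: a loaded module with an impossible timestamp and no vendor name, an autorun entry that launches from a Temp folder or points at a DLL, an unidentified module in the mbr.exe disk-stack check, and a static DNS setting that disagrees with what DHCP handed out (the kind of thing that produces the search redirects described in the opening post). The script below is an added example, not part of OTL, mbr.exe or this thread's instructions; it parses lines in the OTL and mbr.exe output formats and reports those conditions. The sample lines are copied from the logs posted later in this thread, the scan date comes from the OTL header, and the heuristics and their wording are my own assumptions, not an OTL feature.

```python
"""Triage helper for OTL / mbr.exe output (added example, not a tool from this thread)."""
import re
from datetime import date

# OTL process/module/service/driver line:
#   KIND - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) [state] -- path -- (name)
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2}) [\d:]+ \| "
    r"[\d,]+ \| (?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- .*)?$"
)
# OTL O4 autorun line:  O4 - HIVE..\Run: [value name] path (Company)
AUTORUN = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# OTL O17 line carrying the DHCP-assigned or statically configured DNS servers
DNS = re.compile(r"^O17 - .*: (?P<key>DhcpNameServer|NameServer) = (?P<value>\S+)$")
# mbr.exe line reporting a module in the disk stack it could not identify
MBR_HOOK = re.compile(r"^called modules: .*>>UNKNOWN \[0x[0-9A-Fa-f]+\]<<")

# Sample input: lines copied from the OTL and mbr.exe output posted in this thread.
SCAN_DATE = date(2010, 3, 4)  # "OTL logfile created on: 3/4/2010" in the log header
SAMPLE_LINES = [
    r"MOD - [2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\system32\neniweja.dll",
    r"MOD - [2010/01/17 11:25:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Becky\Desktop\Utilities\antivirus\OTL.exe",
    r"SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)",
    r"O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)",
    r"O4 - HKU\S-1-5-21-122374490-3495641759-4196105982-500..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Administrator\Local Settings\Temp\nvsvc32.exe ()",
    r"O4 - HKU\S-1-5-21-122374490-3495641759-4196105982-500..\Run: [Remote System Protection] C:\WINDOWS\System32\sjoab.DLL ()",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.18,93.188.161.35",
    r"called modules: ntoskrnl.exe >>UNKNOWN [0x89FCC543]<<",
]


def triage(lines, scan_date):
    """Return (reason, line) pairs for entries that deserve a closer look.

    The rules are assumptions of this example: they encode what a helper
    reads for in these reports, not anything OTL itself flags.
    """
    findings = []
    dns = {}
    for raw in lines:
        line = raw.strip()
        m = OTL_ENTRY.match(line)
        if m:
            path = m["path"].lower()
            try:
                y, mo, d = (int(x) for x in m["date"].split("/"))
                if date(y, mo, d) > scan_date:
                    findings.append(("file timestamp is in the future", line))
            except ValueError:
                pass  # malformed date: nothing to compare against
            if not m["company"].strip() and "\\system32\\" in path:
                findings.append(("no vendor name on a file under system32", line))
            if "H" in m["attrs"] and "S" in m["attrs"]:
                findings.append(("hidden+system attributes on a loaded file", line))
            continue
        m = AUTORUN.match(line)
        if m:
            path = m["path"].lower()
            if "\\temp\\" in path:
                findings.append(("autorun entry launches from a Temp folder", line))
            if path.endswith(".dll"):
                findings.append(("autorun entry points at a DLL rather than an executable", line))
            continue
        m = DNS.match(line)
        if m:
            dns[m["key"]] = set(m["value"].split(","))
            continue
        if MBR_HOOK.match(line):
            findings.append(("mbr.exe reports an unidentified module in the disk stack", line))
    # Compare the static setting with the DHCP-assigned one once all O17 lines are in.
    if "NameServer" in dns and dns["NameServer"] != dns.get("DhcpNameServer", set()):
        findings.append(("static DNS servers override the DHCP-assigned ones",
                         "NameServer = " + ",".join(sorted(dns["NameServer"]))))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LINES, SCAN_DATE):
        print(f"[{reason}] {line}")
```

Run against the sample, the script flags the 2099-dated hidden module, the two suspicious Run entries, the unidentified module in the mbr.exe output and the DNS override, while the OTL, Avast and Apoint lines pass clean. Each finding is a reason to look closer, not a verdict; the helper still confirms every item against the full report before writing a fix.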


#3 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:51 AM

Posted 04 March 2010 - 03:40 PM

I absolutely agree not to touch a single thing unless I've been directed to do so by this forum on this thread. The status is the same as I've turned off the computer and left it to repent while I awaited a response here. I can boot in safe mode and move things to and from with the portable drive. Have not tried any other programs during the time this has been posted so the original status should be current. Also, while I'm sure there are worse malware issues, the sexlinks things popping up are disturbing... :/

Log.txt


SERVICE_NAME: atapi
DISPLAY_NAME: Standard IDE/ESDI Hard Disk Controller
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe >>UNKNOWN [0x89FCC543]<<
kernel: MBR read successfully


OTL logfile created on: 3/4/2010 3:18:31 PM - Run 6
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Becky\Desktop\Utilities\antivirus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 19.03 Gb Free Space | 27.37% Space Free | Partition Type: NTFS
Drive D: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 567.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 7.33 Gb Free Space | 98.01% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 11:25:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Becky\Desktop\Utilities\antivirus\OTL.exe
PRC - [2009/04/25 00:27:50 | 00,636,088 | --S- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\system32\neniweja.dll
MOD - [2010/01/17 11:25:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Becky\Desktop\Utilities\antivirus\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/04/13 19:11:56 | 00,053,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2007/10/25 17:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 13:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/03 23:03:10 | 00,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/30 17:00:50 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 16:55:18 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 16:49:34 | 00,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/23 00:43:46 | 00,372,809 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/23 00:40:54 | 00,086,016 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/07/23 00:40:16 | 00,139,264 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/05/20 19:41:42 | 00,153,600 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/12 01:13:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/03/29 21:04:02 | 01,847,296 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/03/04 17:33:26 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/03/04 17:33:24 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/03/04 17:33:24 | 00,118,784 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/03/04 17:33:20 | 00,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/02/10 15:44:04 | 00,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 08:43:58 | 00,143,360 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2005/01/14 18:26:56 | 00,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/01/14 18:21:32 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/01/14 18:20:14 | 00,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/10/23 05:16:36 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/09/16 17:50:18 | 00,061,440 | ---- | M] (KYOCERA MITA CORPORATION) [Auto | Stopped] -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)
SRV - [2003/08/28 03:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/28 01:28:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 13:42:34 | 00,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 00,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 00,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:34 | 00,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 13:38:23 | 00,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:38:07 | 00,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/15 15:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/06/27 10:00:10 | 00,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 19:11:56 | 00,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\fmfdisk.sys -- (fmfdisk)
DRV - [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/23 16:26:34 | 00,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/06/02 07:16:58 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/12/24 11:03:25 | 00,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/10/16 07:00:00 | 00,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/07/23 01:02:44 | 00,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 23:14:02 | 03,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/04/12 01:13:00 | 03,299,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/02/22 20:01:46 | 00,807,742 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/07 03:01:40 | 00,052,736 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/12/27 02:35:26 | 00,007,424 | ---- | M] (JuneFabrics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2004/11/03 21:15:00 | 02,301,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/08 14:37:10 | 00,161,024 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/09/08 14:36:54 | 00,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/08 14:36:20 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/19 15:25:24 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/09/29 15:31:38 | 00,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/13 03:27:00 | 00,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2003/06/18 19:12:50 | 00,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/05 19:18:02 | 00,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 22:15:08 | 00,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/search?q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/search?q=


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-122374490-3495641759-4196105982-500\S-1-5-21-122374490-3495641759-4196105982-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.5

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 15:39:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/17 23:48:47 | 00,000,000 | ---D | M]

[2010/02/23 15:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/26 19:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8ecd4w8.default\extensions
[2010/02/23 15:45:57 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8ecd4w8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/23 15:45:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/14 23:13:50 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/21 22:20:14 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/02/03 21:46:44 | 00,377,780 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13044 more lines...
O2 - BHO: (C:\WINDOWS\system32\sjoab.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\sjoab.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-122374490-3495641759-4196105982-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-122374490-3495641759-4196105982-500..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Administrator\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\S-1-5-21-122374490-3495641759-4196105982-500..\Run: [Remote System Protection] C:\WINDOWS\System32\sjoab.DLL ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122374490-3495641759-4196105982-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1265565561750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1265565544421 (MUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: PUFLITE http://www.kernproperty.com/ColpaControls/...rol/PUFLITE.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.18,93.188.161.35
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (neniweja.dll) - C:\WINDOWS\System32\neniweja.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\sjoab.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/18 15:26:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
[2010/02/24 12:51:46 | 00,043,520 | ---- | C] (Rox) -- C:\WINDOWS\System32\cfxfbnhad4.dll
[2010/02/24 12:43:41 | 02,723,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\vcredist_x86.exe
[2010/02/24 12:27:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/24 12:17:59 | 16,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586-s.exe
[2010/02/24 12:17:22 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/02/24 12:16:56 | 97,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/02/24 11:27:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/24 11:27:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/24 11:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/24 11:26:12 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\MWB setup.exe
[2010/02/24 11:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/02/24 10:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/02/23 17:08:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/23 16:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\comcasttb
[2010/02/23 16:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2010/02/23 16:29:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
[2010/02/23 16:15:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/02/23 16:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/02/23 16:08:58 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/02/23 15:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/02/23 15:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/02/23 15:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/02/23 15:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/02/23 15:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/02/23 15:12:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/02/23 15:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/02/23 15:08:51 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/02/23 15:08:24 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/02/23 15:08:24 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/02/23 15:08:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/02/23 15:08:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/02/23 15:08:23 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/02/23 15:08:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/02/23 15:08:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/02/23 15:08:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/02/23 15:08:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/02/23 14:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\YouSendIt
[2010/02/23 14:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/23 14:20:45 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/23 14:20:44 | 00,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/23 14:20:36 | 00,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/23 14:20:34 | 00,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/23 14:20:30 | 00,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/23 14:20:30 | 00,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/23 14:20:29 | 00,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/23 14:17:56 | 00,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/23 14:17:56 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/23 14:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/23 14:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/23 13:50:08 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/02/23 13:50:08 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/02/23 13:50:08 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/02/23 13:50:08 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/02/23 13:50:08 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/02/23 13:50:07 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/02/23 13:50:07 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/02/23 13:50:07 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/23 13:50:07 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/02/23 13:50:07 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/23 13:50:07 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/02/23 12:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/23 12:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/15 17:26:11 | 00,012,928 | ---- | C] (Bo Brantén) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2010/02/15 17:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\WinImage
[2010/02/09 17:24:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/07 16:28:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/07 16:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/07 12:59:48 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/01/07 01:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/30 00:14:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/12 09:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/12/12 09:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/12/11 15:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/07/05 17:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/21 10:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/18 19:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/20 22:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/05/23 00:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/28 12:22:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/12/06 09:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2005/03/18 15:30:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
[2099/01/01 12:00:00 | 00,071,168 | -HS- | M] () -- C:\WINDOWS\System32\tegavipo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\reforola.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | M] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\nipiluti.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\neniweja.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\dotuluje.dll
[2010/03/04 15:23:34 | 00,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\eoipvhmx.sys
[2010/03/04 15:19:06 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kivajisa
[2010/03/04 15:03:57 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/04 14:59:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/04 14:59:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 14:57:12 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/02/28 15:50:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/27 16:48:33 | 00,017,548 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 20:16:30 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\8ixnvmc5.exe
[2010/02/26 20:16:04 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/26 20:15:24 | 00,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/26 19:41:51 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/26 19:39:56 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/24 13:27:09 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 13:27:09 | 00,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/24 12:53:46 | 00,164,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/24 12:51:46 | 00,043,520 | ---- | M] (Rox) -- C:\WINDOWS\System32\cfxfbnhad4.dll
[2010/02/24 12:51:46 | 00,003,566 | ---- | M] () -- C:\WINDOWS\System32\kafenc
[2010/02/24 12:44:16 | 02,723,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\vcredist_x86.exe
[2010/02/24 12:30:28 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to renamed start file.lnk
[2010/02/24 12:28:05 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/02/24 12:06:20 | 16,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586-s.exe
[2010/02/24 11:54:24 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/24 11:53:08 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/02/24 11:52:22 | 97,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/02/24 11:51:16 | 07,757,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/24 11:48:52 | 03,870,269 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/02/24 11:22:08 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/02/24 11:21:09 | 00,001,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to m_b_a_m_-_c_l_e_a_n.lnk
[2010/02/24 11:20:56 | 00,002,855 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to r_k_i_l_l.pif
[2010/02/24 11:14:02 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\MWB setup.exe
[2010/02/23 15:03:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 15:00:00 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\rqkcdeyu.job
[2010/02/23 14:42:52 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 14:42:52 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2010/02/23 14:42:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/23 14:39:46 | 00,116,003 | ---- | M] () -- C:\WINDOWS\System32\virus-list
[2010/02/23 14:39:46 | 00,088,191 | ---- | M] () -- C:\WINDOWS\System32\reg-list.reg
[2010/02/23 14:39:45 | 00,000,029 | ---- | M] () -- C:\WINDOWS\System32\cur-version
[2010/02/23 14:35:13 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 14:23:23 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/23 14:20:31 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 13:50:44 | 00,002,526 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/23 12:04:27 | 00,000,480 | ---- | M] () -- C:\WINDOWS\Shortcut to clock.lnk
[2010/02/23 11:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/23 10:22:58 | 00,004,716 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010/02/23 09:58:02 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
[2010/02/23 09:58:01 | 00,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
[2010/02/23 09:57:59 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
[2010/02/23 09:57:57 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
[2010/02/23 09:57:57 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\_VOIDyepbgmxren.dll
[2010/02/23 09:56:35 | 00,153,088 | ---- | M] () -- C:\WINDOWS\msa.exe
[2010/02/23 09:56:19 | 00,020,000 | ---- | M] () -- C:\WINDOWS\System32\sjoab.dll
[2010/02/23 09:56:18 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/23 08:25:40 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/22 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/22 17:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/19 23:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 10:27:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/11 13:53:57 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 00,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 00,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 00,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 00,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 00,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 00,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 00,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/07 22:15:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Nancy Drew 2 Stay Tuned for Danger.INI
[2010/02/07 13:22:28 | 00,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/07 13:22:28 | 00,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/07 13:22:27 | 00,443,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/03 21:46:44 | 00,377,780 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/03 18:46:16 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,071,168 | -HS- | C] () -- C:\WINDOWS\System32\tegavipo.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | C] () -- C:\WINDOWS\System32\reforola.dll
[2099/01/01 12:00:00 | 00,070,656 | -HS- | C] () -- C:\WINDOWS\System32\melunule.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\nipiluti.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\neniweja.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\dotuluje.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kivajisa
[2010/02/26 20:35:27 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\8ixnvmc5.exe
[2010/02/26 20:31:38 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/02/26 20:27:01 | 00,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/02/24 12:51:46 | 00,003,566 | ---- | C] () -- C:\WINDOWS\System32\kafenc
[2010/02/24 12:30:28 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to renamed start file.lnk
[2010/02/24 12:28:05 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/02/24 12:17:59 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/02/24 12:17:55 | 03,870,269 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/02/24 12:17:36 | 07,757,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/02/24 11:21:09 | 00,001,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to m_b_a_m_-_c_l_e_a_n.lnk
[2010/02/24 11:20:56 | 00,002,855 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to r_k_i_l_l.pif
[2010/02/23 15:08:23 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/23 15:08:21 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/23 14:39:51 | 00,116,003 | ---- | C] () -- C:\WINDOWS\System32\virus-list
[2010/02/23 14:39:51 | 00,088,191 | ---- | C] () -- C:\WINDOWS\System32\reg-list.reg
[2010/02/23 14:39:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\cur-version
[2010/02/23 13:50:44 | 00,002,526 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/23 13:50:07 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/02/23 13:50:07 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/02/23 13:50:07 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/23 12:13:35 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/23 12:04:27 | 00,000,480 | ---- | C] () -- C:\WINDOWS\Shortcut to clock.lnk
[2010/02/23 10:05:13 | 00,004,716 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
[2010/02/23 09:59:54 | 00,000,294 | ---- | C] () -- C:\WINDOWS\tasks\rqkcdeyu.job
[2010/02/23 09:59:10 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[2010/02/23 09:58:11 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
[2010/02/23 09:58:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
[2010/02/23 09:57:59 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
[2010/02/23 09:57:57 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
[2010/02/23 09:57:57 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\_VOIDyepbgmxren.dll
[2010/02/23 09:57:57 | 00,000,248 | ---- | C] () -- C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
[2010/02/23 09:57:06 | 00,153,088 | ---- | C] () -- C:\WINDOWS\msa.exe
[2010/02/23 09:56:51 | 00,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\eoipvhmx.sys
[2010/02/23 09:56:51 | 00,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/23 09:56:45 | 00,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/02/23 09:56:19 | 00,020,000 | ---- | C] () -- C:\WINDOWS\System32\sjoab.dll
[2010/02/23 09:56:18 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mswintmp.dat
[2010/02/07 22:15:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Nancy Drew 2 Stay Tuned for Danger.INI
[2010/02/03 18:46:16 | 00,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2010/01/17 22:02:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/12/31 00:55:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/12/26 15:18:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/10/03 23:27:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/01/14 01:58:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/08/22 11:15:53 | 00,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/25 12:37:17 | 00,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/06/30 13:06:19 | 00,000,066 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2008/06/27 12:30:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Stg.INI
[2008/05/30 18:31:40 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbacoin.ini
[2008/05/30 18:28:17 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBALCNP.DLL
[2008/04/20 07:55:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/04/08 22:46:41 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/08 22:46:41 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/28 00:22:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/06/15 01:14:51 | 00,006,449 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/05/18 17:32:53 | 00,000,148 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2007/04/10 09:50:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/07/17 23:17:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/05/09 12:37:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2006/04/14 09:57:28 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2006/01/10 13:41:42 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5140.INI
[2006/01/10 13:41:23 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/01/10 13:41:22 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/01/10 13:41:21 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/01/09 15:59:28 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2006/01/09 11:01:49 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2006/01/09 11:01:46 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2005/12/26 14:46:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/11/15 23:38:00 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/11/11 18:06:21 | 00,000,031 | ---- | C] () -- C:\WINDOWS\FP3D.INI
[2005/11/10 04:48:25 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/11/10 04:42:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 04:42:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 04:42:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 04:42:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 04:42:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 04:42:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 04:41:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 04:33:34 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/03/18 16:45:45 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/18 16:37:56 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/03/18 16:28:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/03/18 15:32:42 | 00,000,902 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/18 14:09:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/03/18 14:09:13 | 00,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/18 14:08:39 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2005/03/18 14:08:39 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\fmfdisk.sys
[2003/03/19 21:14:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 16:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/07 05:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< atapi.sys /md5 >

< iastor.sys /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C82AA2E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE36080E
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC4AD9C5
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DC301B6
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E473FF1
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C3D1E1C
@Alternate Data Stream - 250 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4829D27E
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C6A9B00
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC2932DB
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A6265A
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A14D0C2
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AC1B5
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D251621C
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5200349E
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4486E16
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD086960
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:377CCC31
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFA2B66
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1FD1FC6
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3D0CDFE
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A71BB9C
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94087FB2
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887C125E
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9046031
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:600A385A
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8761CC9
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708561A8
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C340A64
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C580FF00
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD1485FF
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DAC3B29
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6719B11A
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FEE4959
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53ABB239
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39F1E9F9
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2702B06F
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFB3DBB6
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71392222
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B211CA64
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:299868C8
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9418F3
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CC0A3F3
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5D340C5
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A77B9B55
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5867D280
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:410921CB
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:701AFF06
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB960BFC
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66B97B94
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D7E3061
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6B84C30
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C9E8E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A3B105A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:669764DD
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68FB0053
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A24629A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E7CA3C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBCF563D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:472FDF93
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96FAC731
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F38450C8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567D3254
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CE1FE5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E6276EE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:837546C7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23B59626
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:904251FD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C903BC
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:521B9AFB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFD2D4A7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39B8AFB6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351CE410
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04B9B70F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAA01E60
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E650B916
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0F20CD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12FF3F2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DB8926F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:285C9104
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A2BA27
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31BF83C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67ED88CE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5307D463
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D34CFF71
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:015DC393
< End of report >





#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:51 PM

Posted 04 March 2010 - 04:43 PM

This is a major step. Please rename Combofix to far.exe before saving it to your desktop.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on renamed ComboFix & follow the prompts.
  • You will get a warning about the not trusted download sites for ComboFix, click Yes.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#5 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • Gender:Female
  • Local time:11:51 AM

Posted 04 March 2010 - 07:35 PM

I'm not sure if I'm doing something wrong, but it won't work. I deleted the combofix file from the flash drive (I had tried to reinstall it during earlier fix attempts) and re-downloaded it from the site you provided. I'm borrowing a mac, so I renamed the file to "Far.exe" before I put it on the stick. I opened the laptop in safe mode (no networking, since I have the windows restore installed already), deleted the combofix file from the desktop (it didn't appear in the uninstall programs folder), ran rkill since I didn't see any programs open and it didn't show any were closed, then copied the far.exe file from the stick to the desktop. I clicked on the desktop red lion-head icon labeled "far" and it opened a gray box with the word combofix and a countdown-type bar; a minimized tray item containing no words, just the red lion icon, came up at the bottom of the safe mode desktop screen. After a minute or so, the dialogue box closed, the desktop icons all flickered on and off, then the minimized combofix tray item disappeared. Nothing else. I've tried the process twice.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:51 PM

Posted 04 March 2010 - 08:10 PM

We are going to do it differently.
  1. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    copy /y c:\windows\system32\drivers\atapi.sys c:\ >log.txt
    START log.txt
    del %0

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A text file (log.txt) opens. Only if "1 file(s) copied" is listed proceed with the next step.

  2. Download The Avenger by Swandog46 from here.
    • Unzip/extract it to a folder on your desktop.
    • Double click on avenger.exe to run The Avenger.
    • Click OK.
    • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
      CODE
      Comment:
      start to process
      Drivers to disable:
      6to4
      Drivers to delete:
      _VOIDwqkdtrsnpm
      _VOID
      _VOIDwqkdtrsnpm.sys
      fmfdisk
      Files to delete:
      C:\WINDOWS\system32\neniweja.dll
      C:\WINDOWS\System32\tegavipo.dll
      C:\WINDOWS\System32\reforola.dll
      C:\WINDOWS\System32\melunule.dll
      C:\WINDOWS\System32\nipiluti.dll
      C:\WINDOWS\System32\neniweja.dll
      C:\WINDOWS\System32\dotuluje.dll
      C:\WINDOWS\System32\drivers\eoipvhmx.sys
      C:\WINDOWS\System32\kivajisa
      C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
      C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll
      C:\WINDOWS\System32\cfxfbnhad4.dll
      C:\WINDOWS\System32\kafenc
      C:\WINDOWS\tasks\rqkcdeyu.job
      C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
      C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
      C:\WINDOWS\System32\tmp.reg
      C:\WINDOWS\System32\_VOIDpkdsmcjwku.dll
      C:\WINDOWS\System32\_VOIDcrxtxyniti.dll
      C:\WINDOWS\System32\_VOIDoehhjvfmot.dat
      C:\WINDOWS\System32\drivers\_VOIDwqkdtrsnpm.sys
      C:\WINDOWS\System32\_VOIDyepbgmxren.dll
      C:\WINDOWS\msa.exe
      C:\WINDOWS\System32\sjoab.dll
      C:\WINDOWS\System32\4DW4R3PiyKkQInan.dll
      C:\WINDOWS\system32\fmfdisk.sys
      C:\Documents and Settings\Administrator\Local Settings\Temp\nvsvc32.exe
      C:\WINDOWS\system32\6to4v32.dll

      Registry values to delete:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | NameServer
      Files to move:
      C:\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
    • In the avenger window, click the Paste Script from Clipboard, button.
    • Click the Execute button.
    • You will be asked Are you sure you want to execute the current script?.
    • Click Yes.
    • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?.
    • Click Yes.
    • Your PC will now be rebooted.
    • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
    • Please post this log in your next reply.
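
The checks behind the two steps above (confirm that the atapi.sys Windows reads from disk matches a reference copy, and look at the Tcpip NameServer value the script removes), together with a listing of the alternate data streams the OTL log reported on the All Users TEMP item, as an added PowerShell example. It is not part of the thread and not one of Farbar's or Swandog46's tools. Assumed: Windows PowerShell 4.0 or later (Get-FileHash and -Stream need it, so the XP machine in the thread would not run it), an elevated prompt, and the dllcache path as the reference copy, which is an assumption about where a clean atapi.sys is kept.

```powershell
# Added example (not from the thread): defender-side checks mirroring post #6.
# Assumptions: Windows PowerShell 4.0+, run as Administrator. The reference-copy
# path is an assumption (XP keeps a copy in dllcache while SFC is active).

$driver  = Join-Path $env:SystemRoot 'system32\drivers\atapi.sys'
$backup  = Join-Path $env:SystemRoot 'system32\dllcache\atapi.sys'   # assumed reference copy
$tempDir = Join-Path $env:ALLUSERSPROFILE 'Application Data\TEMP'     # item carrying ADS in the OTL log

function Test-DriverMatchesReference {
    # Same idea as look.bat: read the driver through the normal file API and compare
    # it with a reference. A mismatch (or an unreadable file) is the signal that the
    # file Windows serves is not the one a clean install would have.
    param([string]$Path, [string]$Reference)
    if (-not (Test-Path $Path))      { return "MISSING: $Path" }
    if (-not (Test-Path $Reference)) { return "NO REFERENCE COPY: $Reference" }
    $a = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash
    $b = (Get-FileHash -Algorithm SHA256 -Path $Reference).Hash
    if ($a -eq $b) { return "OK: $Path matches reference ($a)" }
    return "MISMATCH: $Path=$a reference=$b"
}

function Get-StaticNameServer {
    # The Avenger script deletes Tcpip\Parameters\NameServer. A hard-coded value on a
    # DHCP client is the usual sign of a DNS hijack, which explains redirected searches
    # and "server cannot be located" errors only for security vendor sites.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $v = (Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ([string]::IsNullOrEmpty($v)) { return 'NameServer not set (normal for DHCP clients)' }
    return "NameServer = $v  <- confirm this is your resolver, not an unknown address"
}

function Get-NonDefaultStreams {
    # The OTL log lists roughly a hundred alternate data streams on one TEMP item.
    # Enumerate every stream other than the default data stream so the names and
    # sizes can be compared with the log before deciding what to remove.
    param([string]$Path)
    if (-not (Test-Path $Path)) { return @() }
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{n='Stream';e={$_.Stream}}, @{n='Bytes';e={$_.Length}}
}

Test-DriverMatchesReference -Path $driver -Reference $backup
Get-StaticNameServer
$streams = @(Get-NonDefaultStreams -Path $tempDir)
"Alternate data streams on ${tempDir}: $($streams.Count)"
$streams | Format-Table -AutoSize
```

The script only reads; it does not delete anything, so it can be run before and after a cleanup to show whether the driver hash, the resolver setting and the stream count changed. Note that a rootkit that filters file reads can return a clean-looking atapi.sys to this script too, which is why the thread's approach backs the file up and verifies it from outside the running system.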


#7 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • Gender:Female
  • Local time:11:51 AM

Posted 04 March 2010 - 08:27 PM

By the time I finished typing the response a few minutes ago, I went back to shut down the laptop and found the opening dialogue screen asking for approval of the use agreement. Clicked yes. Immediately received another error message:

!!ALERT!! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised. Please download a fresh copy from: www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'

***

While that dialogue box was up, the blue command prompt screen appeared. I closed that and continued copying the error message to report to you.

Deleted far.exe from desktop and stick, redownloaded from one of the bleepingcomputer links you gave, renamed, reloaded onto the stick, copied to laptop & ran. Same message. However, a bit over 4 mins later a gray dialogue screen came on telling me that rootkit activity was detected and to write down the following files as "we may need them later."

sys32\drivers\4DW4R3EGeXrnXLaP.sys
sys32\4DW4R3VQyuccsYcl.dll
sys32\drivers\_VOIDwqkdtrsnpm.sys
sys32\_VOIDyepbgmxren.dll
sys32\_VOIDoehhjvfmot.dat
sys32\_VOIDpkdsmcjwku.dll
sys32\_VOIDcrxtxyniti.dll

I did so, clicked to go on and the blue command prompt screen came up with a message that the scan would take 10 mins, maybe double that and not to reboot manually. Before I'd really finished reading, the computer rebooted but not into safe mode. When it got to the desktop, the icons didn't load. Instead, the blue command prompt screen appeared, reading:

Please wait,
combofix is preparing to run
grep: fstat

Then the blue screen of death popped up and the computer rebooted itself. I let it continue through this cycle again with the same result. I've now shut it down and await further instruction.

Thank you.

#8 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • Gender:Female
  • Local time:11:51 AM

Posted 04 March 2010 - 08:29 PM

It took me a bit to type the above and just got your response as soon as I hit post. Should I follow the instructions you just gave or does my latest post and information change anything?

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:51 PM

Posted 04 March 2010 - 08:53 PM

QUOTE
Then the blue screen of death popped up and the computer rebooted itself. I let it continue through this cycle again with the same result. I've now shut it down and await further instruction.


Please don't shut down the computer between the posts unless it is needed. You may disconnect from the internet between the fixes.

We might go to all this trouble for nothing if Virut is on the computer. We will come back to it.

Update me about being able to boot or not.

#10 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:51 AM

Posted 05 March 2010 - 11:37 AM

Sorry, I was having to shut down to "safely remove" the flash drive because there was no option to eject it on the safe mode screen. I also had to shut down when I had to leave, since I'm borrowing a friend's mac at his office building. Happy news... I followed all of the instructions for the avenger program (log posted below). When it rebooted and didn't go into safe mode, I was worried the same blue screen of death would come up as when combofix rebooted. Nonetheless, the avenger file ran, but combofix ran as well! I assume it was still configured to run on reboot and that the avenger program staved off the blue screen crash enough that combofix could run as it should. The combofix log is also posted below.


#11 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:51 AM

Posted 05 March 2010 - 11:39 AM

hmmm...not showing the logs I pasted. Will try again.

ComboFix 10-03-04.02 - Becky 03/05/2010 11:01:52.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.837 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Far.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\taskmgr.exe
c:\documents and settings\All Users\Application Data\mswintmp.dat
c:\windows\system32\_VOIDcrxtxyniti.dll
c:\windows\system32\_VOIDoehhjvfmot.dat
c:\windows\system32\_VOIDpkdsmcjwku.dll
c:\windows\system32\_VOIDyepbgmxren.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\4DW4R3aaOnrRKFPN.dll
c:\windows\system32\4DW4R3BPrbuQxWnx.dll
c:\windows\system32\4DW4R3bSIuaVyrwS.dll
c:\windows\system32\4DW4R3c.dll
c:\windows\system32\4DW4R3DeKmMyfvTb.dll
c:\windows\system32\4DW4R3dLNabylWAp.dll
c:\windows\system32\4DW4R3DRddjseEQj.dll
c:\windows\system32\4DW4R3DSRqdbjWYP.dll
c:\windows\system32\4DW4R3FhauMyHkES.dll
c:\windows\system32\4DW4R3fqiQGVvNbp.dll
c:\windows\system32\4DW4R3FxmbVntXLh.dll
c:\windows\system32\4DW4R3GjsajHCFgs.dll
c:\windows\system32\4DW4R3HNPxavYuJd.dll
c:\windows\system32\4DW4R3hoTPolHXTL.dll
c:\windows\system32\4DW4R3LinmbemIkD.dll
c:\windows\system32\4DW4R3LPDDmHlNQe.dll
c:\windows\system32\4DW4R3MmYdBtLEBe.dll
c:\windows\system32\4DW4R3OvTHwoEoGv.dll
c:\windows\system32\4DW4R3oylasqeWoy.dll
c:\windows\system32\4DW4R3ptkbIIIHjF.dll
c:\windows\system32\4DW4R3pysCIcqYct.dll
c:\windows\system32\4DW4R3RLscxOOAAg.dll
c:\windows\system32\4DW4R3spxlflxRyf.dll
c:\windows\system32\4DW4R3sv.dat
c:\windows\system32\4DW4R3sVSYsMfAdd.dll
c:\windows\system32\4DW4R3UnyGaaEyMT.dll
c:\windows\system32\4DW4R3VQyuccsYcl.dll
c:\windows\system32\4DW4R3xDrMXoSlIR.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\_VOIDwqkdtrsnpm.sys
c:\windows\system32\drivers\4DW4R3.sys
c:\windows\system32\drivers\4DW4R3aAtYXnEeDu.sys
c:\windows\system32\drivers\4DW4R3aNYTHPUevi.sys
c:\windows\system32\drivers\4DW4R3BWErVjpcro.sys
c:\windows\system32\drivers\4DW4R3EGeXrnXLaP.sys
c:\windows\system32\drivers\4DW4R3fAMCOcXkrE.sys
c:\windows\system32\drivers\4DW4R3hwXLiiTvtE.sys
c:\windows\system32\drivers\4DW4R3JcygcEtDYp.sys
c:\windows\system32\drivers\4DW4R3jQiXkuwpxm.sys
c:\windows\system32\drivers\4DW4R3JuxVVDuqSl.sys
c:\windows\system32\drivers\4DW4R3LOKEphMVRq.sys
c:\windows\system32\drivers\4DW4R3LoxOEbdQhS.sys
c:\windows\system32\drivers\4DW4R3MvOXMfCxMt.sys
c:\windows\system32\drivers\4DW4R3nQLpUyoPUN.sys
c:\windows\system32\drivers\4DW4R3NuOYuNvhJA.sys
c:\windows\system32\drivers\4DW4R3OiCbvCxMSJ.sys
c:\windows\system32\drivers\4DW4R3pwyaemaQGV.sys
c:\windows\system32\drivers\4DW4R3QYkMrcVxTp.sys
c:\windows\system32\drivers\4DW4R3RkLyEMxMyg.sys
c:\windows\system32\drivers\4DW4R3TSnSdltvON.sys
c:\windows\system32\drivers\4DW4R3uLoJrUWxlp.sys
c:\windows\system32\drivers\4DW4R3uORMSALKBV.sys
c:\windows\system32\drivers\4DW4R3woTLNgdAMM.sys
c:\windows\system32\drivers\4DW4R3WveVblMaWk.sys
c:\windows\system32\drivers\4DW4R3xDmawwyxFe.sys
c:\windows\system32\drivers\4DW4R3xdSouebqhq.sys
c:\windows\system32\drivers\4DW4R3XUrPWjbPjW.sys
c:\windows\system32\drivers\4DW4R3YoqgvyVIdR.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\spool\prtprocs\w32x86\00006b9e.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_4DW4R3
-------\Legacy_4DW4R3
-------\Service__VOIDd.sys
-------\Legacy__VOIDd.sys
-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 15:57 . 2010-03-05 15:57 17446 ----a-w- C:\backup.reg
2010-03-05 15:57 . 2010-03-05 15:57 574 ----a-w- C:\cleanup.bat
2010-03-05 15:57 . 2010-03-05 15:57 135168 ----a-w- C:\zip.exe
2010-02-24 17:27 . 2010-02-24 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-24 16:27 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 16:27 . 2010-02-27 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 16:27 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 16:17 . 2010-02-28 20:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-02-24 15:57 . 2010-02-24 15:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-23 22:08 . 2010-02-23 22:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-23 21:41 . 2010-02-23 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\comcasttb
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\CallingID
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\program files\Common Files\scanner
2010-02-23 20:46 . 2010-02-23 20:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-02-23 20:45 . 2010-02-23 09:32 632544 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8ecd4w8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-02-23 20:45 . 2010-02-23 09:32 795320 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8ecd4w8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-23 20:39 . 2010-02-23 20:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-23 20:12 . 2010-02-23 20:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-23 19:51 . 2010-02-23 19:51 -------- d-----w- c:\documents and settings\Becky\Application Data\YouSendIt
2010-02-23 19:47 . 2010-02-23 19:47 -------- d-----w- c:\program files\YouSendIt
2010-02-23 19:39 . 2010-02-23 19:39 88191 ----a-w- c:\windows\system32\reg-list.reg
2010-02-23 19:20 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-23 19:20 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-23 19:20 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-23 19:20 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-23 19:20 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-23 19:20 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-23 19:20 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 19:17 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-23 19:17 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-23 19:17 . 2010-02-23 19:17 -------- d-----w- c:\program files\Alwil Software
2010-02-23 19:17 . 2010-02-23 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-23 17:58 . 2010-02-23 17:58 -------- d-----w- c:\program files\CCleaner
2010-02-23 17:13 . 2010-02-24 18:27 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 15:05 . 2010-02-23 15:22 4716 ----a-w- c:\documents and settings\All Users\Application Data\fiosejgfse.dll
2010-02-15 22:26 . 2005-10-16 12:00 12928 ----a-w- c:\windows\system32\drivers\filedisk.sys
2010-02-15 22:25 . 2010-02-15 22:25 -------- d-----w- c:\program files\WinImage
2010-02-09 22:24 . 2010-02-15 15:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-07 21:28 . 2010-02-15 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-07 21:28 . 2010-02-07 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 18:27 . 2007-01-29 06:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 17:53 . 2010-02-23 20:08 164856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 17:27 . 2005-11-10 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-23 19:51 . 2009-11-02 16:38 -------- d-----w- c:\documents and settings\Becky\Application Data\BitTorrent
2010-02-23 19:35 . 2008-03-30 03:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-23 18:49 . 2005-11-10 09:37 -------- d-----w- c:\program files\Microsoft Works
2010-02-23 18:49 . 2006-12-10 06:05 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-23 18:49 . 2005-12-24 16:03 -------- d-----w- c:\program files\palmOne
2010-02-23 18:49 . 2008-05-24 19:55 -------- d-----w- c:\program files\Windows Live Toolbar
2010-02-23 18:49 . 2008-06-30 18:00 -------- d-----w- c:\program files\ABC Amber Text2Image Converter
2010-02-23 18:48 . 2007-04-05 17:00 -------- d-----w- c:\program files\QuickTime
2010-02-23 18:48 . 2007-12-07 16:56 -------- d-----w- c:\program files\AC Tool
2010-02-23 18:48 . 2007-04-09 02:16 -------- d-----w- c:\program files\ACS
2010-02-23 18:48 . 2009-04-19 00:02 -------- d-----w- c:\program files\DivX
2010-02-23 17:46 . 2005-11-10 16:10 -------- d-----w- c:\program files\Shockwave.com
2010-02-15 23:49 . 2009-10-09 17:36 -------- d-----w- c:\documents and settings\Becky\Application Data\Merscom
2010-02-15 23:49 . 2009-09-01 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-02-15 22:50 . 2009-12-28 00:35 -------- d-----w- c:\program files\Nancy Drew
2010-02-15 15:28 . 2008-07-22 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-07 21:28 . 2005-11-10 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-07 18:39 . 2006-03-27 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-07 18:39 . 2006-03-27 16:04 -------- d-----w- c:\program files\McAfee
2010-02-07 18:39 . 2005-11-11 08:37 -------- d-----w- c:\program files\McAfee.com
2010-02-04 01:22 . 2009-12-09 15:37 117760 ----a-w- c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-02 19:19 . 2005-03-18 21:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 16:04 . 2010-02-01 15:49 -------- d-----w- c:\documents and settings\Becky\Application Data\Virtual City
2010-01-25 22:23 . 2010-01-29 14:33 65536 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
2010-01-22 14:50 . 2009-12-09 15:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-20 20:33 . 2005-11-13 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-01-19 02:56 . 2010-01-19 02:56 -------- d-----w- c:\documents and settings\Becky\Application Data\GOA
2010-01-19 02:56 . 2010-01-19 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\GOA
2010-01-17 16:39 . 2010-01-17 16:38 -------- d-----w- c:\program files\MagicDisc
2010-01-14 16:12 . 2010-01-29 01:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 01:38 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-12 01:48 . 2010-01-12 01:48 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\truescan-setup.exe
2010-01-10 19:11 . 2010-01-10 19:11 -------- d-----w- c:\program files\directx
2010-01-06 16:03 . 2010-01-06 16:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 16:03 . 2005-03-18 21:18 -------- d-----w- c:\program files\Java
2010-01-05 17:29 . 2009-12-27 16:02 52224 ----a-w- c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-16 19:42 . 2009-12-18 21:20 872960 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 19:42 . 2009-12-18 21:20 43008 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 19:42 . 2009-12-18 21:20 340480 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 19:41 . 2009-12-18 21:20 346624 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-13 20:01 . 2009-12-13 17:29 22560 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-13 20:01 . 2009-12-13 17:29 235552 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-12 5406720]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Kyocera\\KACT\\KACT.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kyocera\\FileUtility\\NsCatCom.exe"=
"c:\\Program Files\\A Tale in the Desert\\eclientc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\A Tale in the Desert\\eclient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/23/2010 2:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/27/2004 2:35 AM 7424]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/18/2005 2:09 PM 71961]
S0 eoipvhmx;eoipvhmx; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/24/2010 11:27 AM 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {8CB604D7-DB7D-4390-90F5-31306D3786F8} = 66.17.63.1,66.17.62.2
DPF: PUFLITE - hxxp://www.kernproperty.com/ColpaControls/Photo/Control/PUFLITE.CAB
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p=
FF - component: c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\e8f7825k.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\documents and settings\Becky\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{2b2c5a95-5152-40e0-b95d-179408ff9795} - dotuluje.dll
HKCU-Run-Remote System Protection - c:\windows\system32\sjoab.dll
HKLM-Run-dahipozuhu - nipiluti.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Remote System Protection - c:\windows\system32\sjoab.dll
AddRemove-HijackThis - c:\documents and settings\Becky\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 11:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Kyocera\FileUtility\SFUSVC.exe
c:\program files\Kyocera\FileUtility\nsCatCom.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
.
**************************************************************************
.
Completion time: 2010-03-05 11:23:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 16:23
ComboFix2.txt 2010-01-25 20:59
ComboFix3.txt 2008-07-22 15:27

Pre-Run: 19,138,568,192 bytes free
Post-Run: 19,129,028,608 bytes free

- - End Of File - - 5121035B2F5E4FDC08349EAAC973717A



#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 March 2010 - 11:56 AM

Well done.

In fact Combofix got some of them before Avenger but could not finish up the job.

Please post the Avenger log.

#13 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • Gender:Female

Posted 05 March 2010 - 04:38 PM

Eek. So sorry, I thought the Avenger log did finally post. My fault. Here it is:


#14 FerretLaw

FerretLaw
  • Topic Starter

  • Members
  • 120 posts
  • Gender:Female

Posted 05 March 2010 - 04:40 PM

Okay, not at all sure why there is such a problem getting Avenger to post. It appears in the preview, then disappears when I hit reply. Let me try to attach it as a file...


#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 March 2010 - 04:52 PM

The Avenger has given ComboFix a hand to do a great job.
  1. Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    CODE
    Driver::
    eoipvhmx
    RegLockDel::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    DDS::
    Trusted Zone: aol.com\free
    Trusted Zone: internet
    Trusted Zone: mcafee.com


    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.


  2. Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





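The triage behind the ComboFix log above and the CFScript Farbar builds from it, as an added example that is not part of this thread and not ComboFix's or BleepingComputer's own tooling: a small Python script, run on the analyst's machine over a pasted log (not on the infected XP box), that flags the entries a helper acts on and renders them as the Driver::, RegLockDel:: and DDS:: directives in the form Farbar used. The line formats are taken from the log on this page, and the embedded excerpt is a constructed sample copied from it. Treating every service listed with "[x]", every key under LOCKED REGISTRY KEYS and every Trusted Zone line as removable is the call Farbar made for this machine, not a general rule; the "[?]" services (Lbd and aswFsBlk, which from the rest of the log appear to belong to Ad-Aware and Avast) are only reported for review, as are the DNS servers and the orphans ComboFix already removed.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above
# (services, supplementary scan, orphans, locked keys), trimmed for length.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/23/2010 2:20 PM 162512]
S0 eoipvhmx;eoipvhmx; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
.
------- Supplementary Scan -------
.
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {8CB604D7-DB7D-4390-90F5-31306D3786F8} = 66.17.63.1,66.17.62.2
.
- - - - ORPHANS REMOVED - - - -

BHO-{2b2c5a95-5152-40e0-b95d-179408ff9795} - dotuluje.dll
HKCU-Run-Remote System Protection - c:\windows\system32\sjoab.dll
HKLM-Run-dahipozuhu - nipiluti.dll
SafeBoot-mcmscsvc
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# ComboFix service line: "<R|S><start type> <name>;<display name>;<image path> [details]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Per-interface DNS servers as ComboFix prints them: "TCP: {GUID} = ip1,ip2"
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")


def triage(log_text):
    """One pass over a pasted ComboFix log; returns the entries an analyst acts on."""
    f = {"missing_driver": [], "unverified": [], "locked_key": [],
         "trusted_zone": [], "dns": [], "orphan": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("- - - - ORPHANS REMOVED"):
            section = "orphans"
            continue
        if line.startswith("--------------------- LOCKED REGISTRY KEYS"):
            section = "locked"
            continue
        if line.startswith("-------"):        # any other ruled heading ends the section
            section = None
            continue
        if line in ("", "."):                 # ComboFix uses "." as a spacer
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group(2), m.group(4).strip()
            if path == "[x]":                 # registered service with no image path at all
                f["missing_driver"].append(name)
            elif path.endswith("[?]"):        # path present, file not found: review, don't delete blindly
                f["unverified"].append(name)
            continue
        if line.startswith("Trusted Zone: "):
            f["trusted_zone"].append(line)
            continue
        m = DNS_RE.match(line)
        if m:
            f["dns"].extend(s.strip() for s in m.group(1).split(","))
            continue
        if section == "orphans":
            f["orphan"].append(line)
        elif section == "locked":
            m = KEY_RE.match(line)
            if m:                             # the "@DACL=" line that follows is what locked it
                f["locked_key"].append(m.group(1))
    return f


def build_cfscript(f):
    """Render the directives Farbar used above: Driver:: removes a service,
    RegLockDel:: unlocks and deletes a key, DDS:: removes the quoted
    DDS/ComboFix lines (here the Trusted Zone entries). Wholesale removal is
    the decision Farbar made for this machine; review the lists before use."""
    out = []
    if f["missing_driver"]:
        out.append("Driver::")
        out.extend(f["missing_driver"])
    if f["locked_key"]:
        out.append("RegLockDel::")
        out.extend("[%s]" % k for k in f["locked_key"])
    if f["trusted_zone"]:
        out.append("DDS::")
        out.extend(f["trusted_zone"])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("review manually:", found["unverified"], found["dns"], found["orphan"])
    print(build_cfscript(found), end="")
```

Run against the sample, the script produces exactly the Driver::, RegLockDel:: and DDS:: blocks Farbar posted; the "[?]" services, the two DNS servers and the four orphans come out in the review list instead, because a missing file is not by itself evidence of malware and a removed orphan needs no further action.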