
Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.


  • This topic is locked
26 replies to this topic

#1 winster

winster

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 01 March 2010 - 05:34 PM

Got the Anti-virus soft virus more than a couple of weeks ago and was pretty sure I got it all. One of the things it did was attack my Hotmail account and send emails out to everyone in my contact list and my girlfriend got the (something) essentials 2010. I will post about that later on if I have problems. I was going to use the Hirens 10.2 boot disk and see if I could finish it off. I received an email from her with a couple of pictures of the kids. I opened one but not the other. The problem is she didn't send me the email. Anyway I have used various spy-ware and malware removal tools as suggested from this very helpful forum and have the logs if you want to see them. So I am hoping you can take a look at my logs and see if you see any discrepancies. Thinking I need to reinstall Avast but not sure.

I have used the basics and quarantined quite a bit of trojans and others. I have used Malwarebytes (which I used first and didn't completely remove Anti-virus Soft.) SuperAntiSpyware, HijackThis, Spybot, RootKitBuster, (I wasn't sure how to interpret the log and what to do) SpyWareBuster, Combofix, a-squared Free, (Wish I could delete a2squared.exe from my start-up list) Dr.Web, (I had a warning on Combofix about a possible Varuit but it didn't find one) Norman Malware Cleaner, CCleaner, ATF Cleaner, Ran scans with Trend Micro Housecall and Avast. I think that's it. I have the logs if you wish to see them.
-------------------------------------------


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 2:48:57.46 on Mon 03/01/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.970 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1368 [VPS 100228-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Documents and Settings\Owner\Desktop\gmer.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = hxxp://news.google.com
mStart Page = hxxp://news.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Control Popups in Internet Explorer: {41353f8b-78ce-48a5-be44-153ed293d192} - c:\progra~1\popupp~1\PopLib.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\lm9qw8v9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-27 116264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-15 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-15 138680]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-11 55656]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-2-26 1858144]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-15 352920]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 avgio;avgio;\??\e:\funny\avira\antivir desktop\avgio.sys --> e:\funny\avira\antivir desktop\avgio.sys [?]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-4-9 94208]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\asushwio.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"e:\funny\avira\antivir desktop\sched.exe" --> e:\funny\avira\antivir desktop\sched.exe [?]
S4 AntiVirService;Avira AntiVir Guard;"e:\funny\avira\antivir desktop\avguard.exe" --> e:\funny\avira\antivir desktop\avguard.exe [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-03-01 10:44:41 0 -c--a-w- c:\documents and settings\owner\defogger_reenable
2010-02-28 12:28:50 0 dc----w- c:\documents and settings\owner\DoctorWeb
2010-02-27 18:59:26 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 18:59:23 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 18:59:23 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 18:18:19 7380 -c--a-w- c:\windows\system32\winspy.tlb
2010-02-27 00:05:17 0 dc----w- c:\program files\a-squared Free
2010-02-24 22:52:11 0 dc----w- c:\program files\SpywareBlaster
2010-02-24 03:59:47 0 dc----w- C:\!KillBox
2010-02-22 07:56:27 130 -c--a-w- c:\documents and settings\owner\webct_upload_applet.properties
2010-02-19 20:35:49 0 dc----w- c:\program files\JRE
2010-02-18 00:52:04 0 dcsha-r- C:\cmdcons
2010-02-18 00:51:22 98816 -c--a-w- c:\windows\sed.exe
2010-02-18 00:51:22 77312 -c--a-w- c:\windows\MBR.exe
2010-02-18 00:51:22 261632 -c--a-w- c:\windows\PEV.exe
2010-02-18 00:51:22 161792 -c--a-w- c:\windows\SWREG.exe
2010-02-18 00:16:25 25699 -c--a-w- c:\windows\system32\nvdisp.nvu
2010-02-18 00:16:25 0 dc----w- c:\windows\nview
2010-02-17 23:49:11 0 dc----w- c:\windows\NV6561000.TMP
2010-02-17 21:29:39 0 dc----w- C:\ppchjt
2010-02-17 20:27:20 0 dc----w- c:\windows\NV5601636.TMP
2010-02-17 20:05:23 0 dc----w- c:\windows\nView-nv14756
2010-02-12 02:06:21 0 dc----w- c:\docume~1\alluse~1.win\applic~1\NVIDIA Corporation
2010-02-12 01:53:40 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-11 02:08:09 389120 -c--a-w- c:\windows\system32\CF30762.exe
2010-02-11 02:01:17 0 dc----w- C:\SDFix
2010-02-10 04:02:51 0 dc----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-02-10 04:02:39 0 dc----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

==================== Find3M ====================

2010-01-12 06:17:44 278120 -c--a-w- c:\windows\system32\nvmccs.dll
2010-01-12 06:17:44 154216 -c--a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 06:17:44 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2010-01-12 06:17:44 13666408 -c--a-w- c:\windows\system32\nvcpl.dll
2010-01-12 06:17:44 110696 -c--a-w- c:\windows\system32\nvmctray.dll
2010-01-12 06:17:40 81920 -c--a-w- c:\windows\system32\nvwddi.dll
2010-01-05 10:00:29 832512 -c----w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-18 01:14:00 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 -c----w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 -c----w- c:\windows\system32\ntkrnlpa.exe
2008-08-03 20:51:42 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat

============= FINISH: 2:49:30.75 ===============

----------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 14:24:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB53F26B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB53F2574]
SSDT F7A8EBBC ZwCreateThread
SSDT F7A8EBCB ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB53F2A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB53F214C]
SSDT F7A8EBDA ZwLoadKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB53F264E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB53F208C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB53F20F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB53F276E]
SSDT F7A8EBE4 ZwReplaceKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB53F272E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB53F28AE]
SSDT F7A8EBB7 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
-------------------------------------------------


Edited by winster, 01 March 2010 - 05:36 PM.



#2 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 03 March 2010 - 08:43 PM

Here is an updated file. Had to uninstall all antivirus and delete all entries including registry. Had many entries from past antivirus software. I then did a clean install of Avira. Sorry if that caused any problems.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 2:23:36.06 on Wed 03/03/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1005 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = hxxp://news.google.com
mStart Page = hxxp://news.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Control Popups in Internet Explorer: {41353f8b-78ce-48a5-be44-153ed293d192} - c:\progra~1\popupp~1\PopLib.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\lm9qw8v9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\lm9qw8v9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\lm9qw8v9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-27 116264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-11 56816]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-2 11608]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-4-9 94208]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\asushwio.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-03-03 04:29:49 0 dc----w- c:\program files\Avira
2010-03-03 04:29:49 0 dc----w- c:\docume~1\alluse~1.win\applic~1\Avira
2010-03-03 03:15:08 0 dcs---w- C:\gogo
2010-03-02 07:56:39 0 dc----w- c:\program files\VirusTotalUploader2
2010-03-02 07:35:29 0 dc----w- c:\docume~1\owner\applic~1\QuickScan
2010-03-01 10:44:41 0 -c--a-w- c:\documents and settings\owner\defogger_reenable
2010-02-28 12:28:50 0 dc----w- c:\documents and settings\owner\DoctorWeb
2010-02-27 18:59:26 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 18:59:23 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 18:59:23 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 18:18:19 7380 -c--a-w- c:\windows\system32\winspy.tlb
2010-02-27 00:05:17 0 dc----w- c:\program files\a-squared Free
2010-02-24 22:52:11 0 dc----w- c:\program files\SpywareBlaster
2010-02-24 03:59:47 0 dc----w- C:\!KillBox
2010-02-22 07:56:27 130 -c--a-w- c:\documents and settings\owner\webct_upload_applet.properties
2010-02-19 20:35:49 0 dc----w- c:\program files\JRE
2010-02-18 00:52:04 0 dcsha-r- C:\cmdcons
2010-02-18 00:51:22 98816 -c--a-w- c:\windows\sed.exe
2010-02-18 00:51:22 77312 -c--a-w- c:\windows\MBR.exe
2010-02-18 00:51:22 261632 -c--a-w- c:\windows\PEV.exe
2010-02-18 00:51:22 161792 -c--a-w- c:\windows\SWREG.exe
2010-02-18 00:16:25 25699 -c--a-w- c:\windows\system32\nvdisp.nvu
2010-02-18 00:16:25 0 dc----w- c:\windows\nview
2010-02-17 23:49:11 0 dc----w- c:\windows\NV6561000.TMP
2010-02-17 21:29:39 0 dc----w- C:\ppchjt
2010-02-17 20:27:20 0 dc----w- c:\windows\NV5601636.TMP
2010-02-17 20:05:23 0 dc----w- c:\windows\nView-nv14756
2010-02-12 02:06:21 0 dc----w- c:\docume~1\alluse~1.win\applic~1\NVIDIA Corporation
2010-02-12 01:53:40 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-11 02:08:09 389120 -c--a-w- c:\windows\system32\CF30762.exe
2010-02-11 02:01:17 0 dc----w- C:\SDFix
2010-02-10 04:02:51 0 dc----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-02-10 04:02:39 0 dc----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

==================== Find3M ====================

2010-03-03 04:49:59 56816 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-12 06:17:44 278120 -c--a-w- c:\windows\system32\nvmccs.dll
2010-01-12 06:17:44 154216 -c--a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 06:17:44 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2010-01-12 06:17:44 13666408 -c--a-w- c:\windows\system32\nvcpl.dll
2010-01-12 06:17:44 110696 -c--a-w- c:\windows\system32\nvmctray.dll
2010-01-12 06:17:40 81920 -c--a-w- c:\windows\system32\nvwddi.dll
2010-01-05 10:00:29 832512 -c----w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-12-18 01:14:00 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 -c----w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 -c----w- c:\windows\system32\ntkrnlpa.exe
2008-08-03 20:51:42 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat

============= FINISH: 2:24:17.92 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 17:41:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT F7AA5316 ZwCreateKey
SSDT F7AA530C ZwCreateThread
SSDT F7AA531B ZwDeleteKey
SSDT F7AA5325 ZwDeleteValueKey
SSDT F7AA532A ZwLoadKey
SSDT F7AA52F8 ZwOpenProcess
SSDT F7AA52FD ZwOpenThread
SSDT F7AA5334 ZwReplaceKey
SSDT F7AA532F ZwRestoreKey
SSDT F7AA5320 ZwSetValueKey
SSDT F7AA5307 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 300
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
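The two posts above are read by comparing service entries and SSDT hooks by hand. As an added example (not part of the original post, and not code from DDS, GMER or BleepingComputer), the script below parses the "SERVICES / DRIVERS" lines of a DDS log and the "SSDT" lines of a GMER log and groups the entries a reviewer looks at first: services whose image file DDS could not find (`[?]`), services with no image path at all (`[x]`), and SSDT hooks GMER printed only as a raw address instead of a module name. The line layouts, the meaning of the bracketed tails, and the rule that an 8-digit hex token is an unresolved address are inferred from the logs in this thread (assumptions); the sample lines are copied from them.

```python
"""Triage helper for the DDS and GMER logs posted in this thread.

Added example, not part of the original post and not DDS or GMER code.
The line layouts below are inferred from the logs above (assumption),
not taken from DDS/GMER documentation.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: five lines copied from the DDS logs in this thread.
SAMPLE_DDS = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-15 114768]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 avgio;avgio;\??\e:\funny\avira\antivir desktop\avgio.sys --> e:\funny\avira\antivir desktop\avgio.sys [?]
S4 vsdatant;vsdatant; [x]
"""

# Constructed sample: five SSDT lines copied from the first GMER log above.
SAMPLE_GMER = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB53F26B8]
SSDT F7A8EBBC ZwCreateThread
SSDT F7A8EBCB ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB53F208C]
SSDT F7A8EBB7 ZwTerminateProcess
"""

# "R1 name;display;path [2009-3-15 114768]": the bracket holds a date and
# size when the file was found, "?" when it was not, "x" when no path exists.
DDS_SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]\s*$"
)

# "SSDT <module> (<description>) <ZwFunction> [0xADDR]" when GMER resolved
# the hook owner, or "SSDT <hex address> <ZwFunction>" when it did not.
GMER_SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?:\((?P<desc>[^)]*)\)\s+)?"
    r"(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)


@dataclass
class ServiceEntry:
    state: str             # R = running, S = stopped (as printed by DDS)
    start: int             # start-type digit from the log
    name: str
    display: str
    path: str              # image path exactly as DDS printed it
    tail: str              # "<date> <size>", "?" (file not found) or "x"


@dataclass
class SsdtHook:
    function: str
    module: Optional[str]  # None when GMER printed only a raw address
    description: Optional[str]
    address: Optional[str]


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Return every parseable service/driver line from a DDS log."""
    entries = []
    for line in text.splitlines():
        m = DDS_SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                        m["display"], m["path"], m["tail"]))
    return entries


def parse_gmer_ssdt(text: str) -> List[SsdtHook]:
    """Return every SSDT hook line from a GMER log."""
    hooks = []
    for line in text.splitlines():
        m = GMER_SSDT_RE.match(line.strip())
        if not m:
            continue
        module = m["module"]
        # A bare 8-digit hex token is an address GMER could not map to a driver.
        if re.fullmatch(r"[0-9A-Fa-f]{8}", module):
            hooks.append(SsdtHook(m["func"], None, None, module))
        else:
            hooks.append(SsdtHook(m["func"], module, m["desc"], m["addr"]))
    return hooks


def triage(dds_text: str, gmer_text: str) -> Dict[str, object]:
    """Group the entries a reviewer checks first; nothing here is a verdict."""
    services = parse_dds_services(dds_text)
    hooks = parse_gmer_ssdt(gmer_text)
    return {
        "missing_image": [s.name for s in services if s.tail == "?"],
        "no_image": [s.name for s in services if s.tail == "x"],
        "unattributed_hooks": [h.function for h in hooks if h.module is None],
        "attributed_hooks": {h.function: h.module for h in hooks if h.module},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS, SAMPLE_GMER).items():
        print(f"{key}: {value}")
```

The output is a worklist, not a diagnosis: a `[?]` entry can be a leftover from an uninstalled product (the Avira services in the first log point at an `e:\` path that the second log no longer shows), and an unattributed SSDT hook may belong to a legitimate security driver, so each item still needs to be matched against what is actually installed.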



#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 06 March 2010 - 07:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 06 March 2010 - 09:21 PM

Thank you for your help. Included is an otl scan if needed.

Attached Files

  • Attached File: OTL2.Txt (83.12KB, 0 downloads)


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 07 March 2010 - 04:18 PM

Well, you've been through the card with the cleaning.

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Are you actually experiencing any problems with the PC now?
m0le is a proud member of UNITE

#6 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 07 March 2010 - 07:34 PM

QUOTE(m0le @ Mar 7 2010, 01:18 PM)
Well, you've been through the card with the cleaning.

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Are you actually experiencing any problems with the PC now?



I notice little things but my biggest worry is something hidden in the background. When using rootkitbuster it came up with some entries I wasn't sure what to do with. I couldn't find anything online related to it so I made no deletions, but like I said I am just worried of things hiding in the background... waiting. I thought my security was pretty tight. I have never had a problem like this since the late nineties and that wasn't even this bad. I have had some minor viruses in the past and they were easily removed. I want to be sure everything is kosher before tightening my security up again.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 07 March 2010 - 08:12 PM

It doesn't look like there are any problems at all.

If you want to check the best way is to run MBAM followed by the ESET online scanner. With a lack of obvious symptoms the only other thing that could be sitting there is adware/spyware or remnants from previous infections.

Just for your peace of mind let's give them a whirl.

First let's clear out your temps/cookies/caches

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


Now Java's cache

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.


Now run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Thanks
m0le is a proud member of UNITE

#8 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 10 March 2010 - 06:04 AM

Sorry it took so long. I had a few prior Malwarebytes installations before and wanted to make sure there were no traces of it before doing a clean install. I mentioned I noticed little things but the last couple of days there have been a lot of little things. I have Avira Antivirus free and after a reboot the guard and scheduler would be disabled and I wasn't able to enable them from the quick launch. I had to go into my services and change some settings. It continued to do it for a few more reboots... changed a few more settings and now it's ok. Also had a problem with Firefox. During that time when I rebooted there was no formatting for the Firefox pages. Tried doing some research to find out why but it seemed to work itself out... not sure if anything I did fixed it but it hasn't done it for half the day now.

I used the Revo uninstaller when I removed Malwarebytes but I first used Final Uninstaller... mistake. Picked up a couple of back-doors on Avira (log below)... deleted them and then while I was running Malwarebytes it picked up a couple more in the System Volume Information folder. No more signs though. Also had a problem with my Email accounts. When I first picked up the Antivirus Soft virus it attacked my Hotmail account and sent out emails to my list. I foolishly didn't change my password and found out that it did it again on 3/3/10 and 3/9/10. I didn't know about the first one but after the last one I changed my password. In my Outlook Express port 25 was blocked (happened around when I first was infected). I ended up changing it to a different port as recommended on another site.

Followed all your instructions and came up with nothing.

Attached Files



#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 10 March 2010 - 06:28 PM

Looks like you're good to go then, winster


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#10 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 11 March 2010 - 10:13 PM

Ok I'm screwed, before I did a system restore I started having problems. Can't log in in safe mode or normal. I get stuck at the blue screen. I had a file that suddenly appeared, it was something like ad-vant or something and there was an abc.exe file, it was on the C: drive. I deleted it with the Malwarebytes tool. Don't know what to do? Would making a Hirens boot disk work or what???????

Edited by winster, 11 March 2010 - 10:14 PM.


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 12 March 2010 - 06:45 PM

What happened?

Last time I posted you looked clean, so how did that suddenly become a blue screen?

We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

m0le is a proud member of UNITE

#12 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 13 March 2010 - 02:31 AM

I didn't have the "Blue screen of death." I booted up to the blue login page and then it wouldn't go any further. First I was in Safe mode trying to run sup.antispyware and it said I needed administrator rights. When rebooting was when it went to the login screen and wouldn't do anything else. I finally put a Hirens boot disk in and it started but the Hirens boot menu didn't come on. Hasn't come up with anything on scans but has been and keeps asking about making Firefox my default browser.... little things!

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 13 March 2010 - 04:34 AM

Let's try OTLPE. This should be able to provide us with the cause of the boot problem.

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

m0le is a proud member of UNITE
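As an added example (not part of this thread, and not OTL's or OldTimer's own code), the Python below parses the "SRV -", "DRV -" and "O4 - ...\Run" lines of an OTL.txt in the format the post above asks for, and applies the checks a log reader makes by hand: service or driver registrations whose image is gone, load-at-boot binaries with no embedded publisher string, images modified inside the log's file-age window, and autostarts with no publisher. The sample log, service names and paths are constructed placeholders, not entries from this machine.

```python
import re
from datetime import datetime, timedelta

# Header line that carries the log's own date, e.g. "OTL logfile created on: 3/15/2010 8:53:49 PM - Run".
LOG_DATE_RE = re.compile(r"^OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4})", re.MULTILINE)

# "SRV -" (Win32 service) and "DRV -" (driver) lines. Two shapes occur in OTL output:
#   KIND - File not found [StartType] -- -- (ServiceName)
#   KIND - [mtime | size | attrs | M] (Company) [Type | StartType] -- path -- (ServiceName)
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\))"
    r" \[(?P<start>[^\]]+)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]+)\)"
)

# "O4 - HKLM..\Run: [ValueName] C:\path\prog.exe (Company)" autostart lines.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<path>.*) \((?P<company>[^)]*)\)$"
)


def parse_otl(text):
    """Split an OTL log into service/driver entries and O4 autostart entries (lists of dicts)."""
    services, autoruns = [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            d = m.groupdict()
            d["missing"] = d["missing"] is not None
            d["company"] = (d["company"] or "").strip()      # "( )" and "()" both mean no publisher
            d["start"] = d["start"].split(" | ")[-1]          # "Kernel | Boot" -> "Boot"
            d["mtime"] = (datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S")
                          if d["mtime"] else None)
            services.append(d)
            continue
        m = RUN_RE.match(line)
        if m:
            d = m.groupdict()
            d["company"] = d["company"].strip()
            autoruns.append(d)
    return services, autoruns


def triage(text, file_age_days=30):
    """Return (reason, entry, path) tuples for the entries a log reader would look at first.

    The window matches OTL's "File Age = 30 Days" default, measured from the log's own date.
    """
    m = LOG_DATE_RE.search(text)
    if not m:
        raise ValueError("no 'OTL logfile created on:' header in log")
    cutoff = datetime.strptime(m.group(1), "%m/%d/%Y") - timedelta(days=file_age_days)
    findings = []
    services, autoruns = parse_otl(text)
    for s in services:
        label = f"{s['kind']} {s['name']}"
        if s["missing"]:
            # Registration left behind after its binary was removed (remnant or broken uninstall).
            findings.append(("orphaned entry (image missing)", label, ""))
            continue
        if s["start"] in ("Auto", "Boot", "System") and not s["company"]:
            findings.append(("active, no publisher string", label, s["path"]))
        if s["mtime"] >= cutoff:
            findings.append((f"image modified within {file_age_days} days", label, s["path"]))
    for a in autoruns:
        if not a["company"]:
            findings.append(("autostart, no publisher string", f"Run {a['value']}", a["path"]))
    return findings


# Constructed sample in OTL's line format (not a real log); names and paths are placeholders.
SAMPLE_OTL = r"""
OTL logfile created on: 3/15/2010 8:53:49 PM - Run
File Age = 30 Days

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (OldIndexSvc)
SRV - [2010/03/10 22:10:36 | 000,589,824 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\exmplsvc.exe -- (exmpl_device)
SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Example AV GmbH) [Auto] -- C:\Program Files\ExampleAV\guard.exe -- (ExampleAVService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (ghostdrv)
DRV - [2010/03/14 09:20:00 | 000,691,696 | ---- | M] (Example Vendor Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\exvend.sys -- (exvend)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Example Modem Co) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EX_V124.sys -- (V124)

O4 - HKLM..\Run: [exampleav] C:\Program Files\ExampleAV\tray.exe (Example AV GmbH)
O4 - HKLM..\Run: [lxexmon.exe] C:\Program Files\Example Printer\lxexmon.exe ()
"""

if __name__ == "__main__":
    for reason, entry, path in triage(SAMPLE_OTL):
        print(f"{reason:40} {entry:24} {path}")
```

A flagged line is a reading prompt, not a verdict: the printer monitor with an empty publisher string is the same shape of entry as a dropped binary, and only the path and file itself settle which it is.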

#14 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 14 March 2010 - 08:23 AM

In the process of doing your last request but wanted to add a Dr.Web log from a scan I did earlier in case I am not done before you check this thread.


Had problems uploading log. Had problems copying and pasting log. Only posted results below.


[Scan path] F:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 269129
Infected: 3
Modifications: 0
Suspicious: 1
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 2
Hacktools: 2
Cured: 0
Deleted: 2
Renamed: 0
Moved: 1
Ignored: 0
Scan speed: 78 Kb/s
Scan time: 08:55:57
-----------------------------------------------------------------------------

C:\System Volume Information\_restore{759DADF8-B7CA-44AD-9F9A-C866035769DE}\RP1\A0000402.bat - deleted
C:\System Volume Information\_restore{759DADF8-B7CA-44AD-9F9A-C866035769DE}\RP10\A0005313.exe - deleted
C:\System Volume Information\_restore{759DADF8-B7CA-44AD-9F9A-C866035769DE}\RP10\A0005315.dll - deleted
C:\System Volume Information\_restore{759DADF8-B7CA-44AD-9F9A-C866035769DE}\RP10\A0007373.exe - deleted
C:\System Volume Information\_restore{759DADF8-B7CA-44AD-9F9A-C866035769DE}\RP14\A0008290.exe - deleted

=============================================================================
Total session statistics
=============================================================================
Scanned: 281126
Infected: 3
Modifications: 0
Suspicious: 1
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 2
Hacktools: 2
Cured: 0
Deleted: 7
Renamed: 0
Moved: 1
Ignored: 0
Scan speed: 41 Kb/s
Scan time: 12:50:17
=============================================================================


Edited by winster, 14 March 2010 - 08:56 AM.


#15 winster

winster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 15 March 2010 - 09:56 PM

I had trouble booting from the CD, not sure why. My settings were correct in the BIOS so not sure why??
----------------------------------------------------

OTL logfile created on: 3/15/2010 8:53:49 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.11 Gb Free Space | 13.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (NMIndexingService)
SRV - File not found [On_Demand] -- -- (KodakCCS)
SRV - [2009/10/16 22:10:36 | 000,589,824 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/10/16 22:00:52 | 000,094,208 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 19:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/19 15:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (ASUSHWIO)
DRV - [2010/03/14 09:20:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/11 07:27:52 | 000,003,968 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FRIdrv.sys -- (FRIdrv)
DRV - [2010/03/03 00:49:59 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/17 14:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 14:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/12 16:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/05/11 13:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 13:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 15:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/06 12:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/29 07:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007/08/29 07:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/04/26 12:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 12:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/04/26 12:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/05/25 18:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 18:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2003/06/06 18:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/19 03:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002/09/09 13:04:36 | 000,007,312 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WBHWDOCT.sys -- (WBHWDOCT)
DRV - [2002/07/25 12:01:06 | 000,005,306 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [1997/04/22 13:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://news.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.SCOTT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 23:04:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/11 07:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Namoroka 3.6a1\extensions\\Components: C:\Program Files\Namoroka 3.6 Alpha 1\components [2009/10/28 10:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Namoroka 3.6a1\extensions\\Plugins: C:\Program Files\Namoroka 3.6 Alpha 1\plugins [2010/03/11 07:20:10 | 000,000,000 | ---D | M]

[2010/03/15 07:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/11 14:44:29 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/03/02 22:14:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Control Popups in Internet Explorer) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Program Files\PopupPopper\PopLib.dll (Bayden Systems)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.SCOTT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/04 02:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 07:11:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/03/14 09:20:00 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/14 09:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2010/03/14 09:16:59 | 004,940,440 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\Owner\Desktop\IsoBurner-Setup.exe
[2010/03/13 10:38:46 | 000,242,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scedll.dll
[2010/03/13 10:38:46 | 000,029,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Rshx32_5.dll
[2010/03/13 10:38:45 | 000,049,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SeCEdit.exe
[2010/03/13 10:38:44 | 000,384,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsecedit.dll
[2010/03/13 07:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/03/12 03:43:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/12 00:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/12 00:13:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/12 00:13:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/12 00:13:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/12 00:13:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/12 00:11:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/11 21:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/11 12:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2010/03/11 07:27:52 | 000,003,968 | ---- | C] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\FRIdrv.sys
[2010/03/10 00:49:09 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/03/09 23:29:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/09 23:29:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/09 23:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/09 23:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/09 20:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CCSkeys
[2010/03/09 18:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/03/09 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
[2010/03/09 09:02:19 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/03/09 09:02:19 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/03/09 09:02:18 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/03/09 09:02:17 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/03/09 09:02:17 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/03/09 09:02:16 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/03/09 09:02:16 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/03/09 09:02:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010/03/09 09:02:15 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/03/09 09:02:14 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/03/09 09:02:14 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/03/09 09:02:13 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/03/09 09:02:13 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/03/09 09:02:12 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/03/09 09:02:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/03/09 09:02:11 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/03/09 09:02:10 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010/03/09 09:02:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/03/09 09:02:09 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/03/09 09:02:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/03/09 09:02:08 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010/03/09 09:02:08 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010/03/09 09:02:07 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010/03/09 09:02:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/03/09 09:02:06 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/03/09 09:02:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/03/09 09:02:05 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/03/09 09:02:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/03/09 09:02:04 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/03/09 09:02:03 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/03/09 09:02:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/03/09 09:02:02 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/03/09 09:02:01 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/03/09 09:02:01 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/03/09 09:02:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/03/09 09:01:55 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010/03/09 09:01:54 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010/03/09 09:01:53 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010/03/09 09:01:52 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010/03/09 09:01:52 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010/03/09 09:01:51 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010/03/09 09:01:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010/03/09 09:01:50 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010/03/09 09:01:49 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010/03/09 09:01:46 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/03/09 09:01:46 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010/03/09 09:01:46 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/03/09 09:01:45 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010/03/09 09:01:45 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010/03/09 09:01:44 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010/03/09 09:01:12 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/03/09 09:01:11 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010/03/09 09:01:11 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010/03/09 09:01:10 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/03/09 09:01:10 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010/03/09 09:01:09 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010/03/09 09:01:09 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010/03/09 09:01:08 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010/03/09 09:01:07 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010/03/09 09:01:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010/03/09 09:01:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/03/09 08:59:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010/03/09 08:59:40 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/03/09 08:59:39 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/03/09 08:59:38 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/03/09 08:59:38 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/03/09 08:59:38 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/03/09 08:59:37 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/03/09 08:59:37 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/03/09 08:59:36 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/03/09 08:59:35 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/03/09 08:59:35 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/03/09 08:59:34 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/03/09 08:59:34 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/03/09 08:59:33 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/03/09 08:59:33 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/03/09 08:59:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/03/09 08:59:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/03/09 08:59:32 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/03/09 08:59:31 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/03/09 08:59:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/03/09 08:59:30 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/03/09 08:59:30 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/03/09 08:59:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/03/09 08:59:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/03/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\FinalUninstaller
[2010/03/08 19:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JANINE
[2010/03/08 02:27:50 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/03/03 23:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\win
[2010/03/03 23:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller
[2010/03/03 07:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Hiren's
[2010/03/03 02:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2010/03/03 00:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
[2010/03/03 00:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/02 17:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2010/03/02 03:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2010/03/02 03:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2010/03/01 00:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\scan logs
[2010/02/28 08:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/02/27 20:11:34 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2010/02/27 02:46:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/27 02:46:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/27 02:46:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/24 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/02/24 06:20:22 | 000,518,656 | R--- | C] (Safer Networking Limited) -- C:\Documents and Settings\Owner\Desktop\sfp.exe
[2010/02/22 09:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\TMRBLog
[2010/02/22 09:04:32 | 002,457,600 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe
[2010/02/19 16:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/02/17 20:52:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/17 20:16:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/02/17 19:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV6561000.TMP
[2010/02/17 16:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV5601636.TMP
[2010/02/17 16:05:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\nView-nv14756
[2009/04/09 19:31:44 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2009/04/09 19:29:20 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2009/04/09 19:29:20 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2009/04/09 19:29:19 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2009/04/09 19:29:19 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2009/04/09 19:29:19 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2009/04/09 19:29:19 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2009/04/09 19:29:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2009/04/09 19:29:18 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2009/04/09 19:29:18 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2009/04/09 19:29:16 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2009/04/09 19:29:16 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2009/03/28 06:17:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/15 22:46:16 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/15 22:46:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 22:45:52 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/03/15 22:45:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/15 22:43:04 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/15 22:38:33 | 000,000,308 | -H-- | M] () -- C:\boot.ini
[2010/03/15 22:38:33 | 000,000,138 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/15 22:38:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/15 08:19:49 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/15 07:15:43 | 000,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 07:15:43 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 07:15:43 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 07:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 09:20:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/14 09:17:03 | 004,940,440 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\Desktop\IsoBurner-Setup.exe
[2010/03/13 19:21:45 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator.SCOTT\NTUSER.DAT
[2010/03/13 19:21:42 | 000,001,131 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DrWeb.csv
[2010/03/13 10:39:26 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Administrative Tools.lnk
[2010/03/13 00:09:10 | 033,560,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vv6swc97.exe
[2010/03/12 00:05:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
[2010/03/11 23:07:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.SCOTT\ntuser.ini
[2010/03/11 21:25:04 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.SCOTT\Local Settings\Application Data\IconCache.db
[2010/03/11 20:28:51 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to Local Disk (C).lnk
[2010/03/11 20:05:30 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2010/03/11 15:58:40 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/11 07:27:52 | 000,003,968 | ---- | M] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\FRIdrv.sys
[2010/03/11 07:24:13 | 011,730,827 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Imager Lite 2.6.1.zip
[2010/03/10 00:49:09 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/03/08 02:27:50 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/03/03 07:05:57 | 188,908,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hirens.BootCD.10.2.zip
[2010/03/03 00:49:59 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/02 22:14:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/02 21:48:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/02 10:30:38 | 000,909,117 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\registrycleaner_en.zip
[2010/03/02 03:56:39 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VirusTotal Uploader 2.0.lnk
[2010/03/02 00:41:32 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2010/02/27 20:11:34 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2010/02/27 16:17:10 | 000,007,146 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100219_120144.reg
[2010/02/25 18:41:33 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/02/24 18:52:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/02/22 19:07:58 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 23:54:07 | 000,381,555 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100224-150513.backup
[2010/02/20 23:48:17 | 000,030,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/17 19:43:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 19:21:42 | 000,001,131 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DrWeb.csv
[2010/03/13 10:39:26 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Administrative Tools.lnk
[2010/03/13 00:06:56 | 033,560,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vv6swc97.exe
[2010/03/12 00:13:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/12 00:13:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/12 00:13:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/11 20:28:51 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to Local Disk (C).lnk
[2010/03/11 20:05:29 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2010/03/11 07:23:59 | 011,730,827 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Imager Lite 2.6.1.zip
[2010/03/09 09:01:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/03/09 09:01:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/03/09 09:01:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/03/09 09:01:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/03/09 09:01:57 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/03/09 09:01:56 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/03/09 09:01:56 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/03/09 09:01:55 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/03/09 09:01:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/03/09 09:01:48 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/03/08 18:24:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\KB905474_cleaner.cmd
[2010/03/03 07:03:59 | 188,908,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hirens.BootCD.10.2.zip
[2010/03/02 10:30:33 | 000,909,117 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\registrycleaner_en.zip
[2010/03/02 03:56:39 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\VirusTotal Uploader 2.0.lnk
[2010/02/24 18:52:12 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/02/22 09:12:37 | 000,024,602 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CleanUp!.log
[2010/02/22 03:56:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2010/02/19 16:01:47 | 000,007,146 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100219_120144.reg
[2010/02/17 20:52:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/17 20:52:07 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/17 20:51:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/17 20:51:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/17 20:16:25 | 000,025,699 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/11/12 20:28:31 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2009/08/21 03:28:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/04/09 19:31:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2009/04/09 19:30:57 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2009/04/09 19:30:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2009/04/09 19:30:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2009/04/09 19:29:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2009/04/09 19:29:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2009/04/09 19:29:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/03/28 06:17:56 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2009/03/28 06:17:33 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2009/03/28 06:17:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/03/28 06:17:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/03/27 21:45:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/28 14:50:44 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/28 14:50:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/07 01:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/09 02:36:21 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AutoGK.ini
[2008/02/04 22:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/09 13:26:28 | 000,242,224 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/06/13 02:25:01 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/04 06:28:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/23 23:06:12 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Speed Video Splitter.INI
[2007/02/26 17:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 17:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 17:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 17:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 17:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 17:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 17:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 17:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 17:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 17:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 17:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 15:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 15:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 15:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 15:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 15:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/02/12 15:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 15:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 15:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 15:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 15:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 15:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 15:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 15:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 15:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/02/12 15:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 15:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 15:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 15:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 15:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/11/25 19:11:22 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/25 19:11:19 | 000,000,425 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/09/20 20:09:27 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/09/20 20:09:02 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpc.ini
[2006/07/07 11:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2006/06/22 21:35:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 21:06:20 | 000,005,120 | R--- | C] () -- C:\WINDOWS\TBManage.dll
[2006/06/21 17:51:14 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/06/21 01:12:55 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2006/06/21 01:11:36 | 000,003,443 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/03/29 23:59:10 | 000,029,919 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2006/01/11 02:11:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2006/01/11 02:11:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2003/02/12 14:20:24 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/17 18:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/01/08 06:09:20 | 000,012,285 | ---- | C] () -- C:\WINDOWS\Cadx3.ini

========== LOP Check ==========

[2010/02/03 07:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVI ReComp
[2006/11/26 02:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Organizer
[2006/11/26 02:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Viewer
[2008/03/14 06:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2009/06/21 23:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/06/15 06:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/02/18 18:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/01/09 16:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JAM Software
[2006/11/20 17:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/04/09 20:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2009/03/02 02:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
[2009/09/13 05:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/03/06 10:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2009/10/20 03:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Schoolhouse Technologies
[2009/06/19 19:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/02/14 00:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/19 05:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/12/25 23:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
[2009/09/01 16:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinWay

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpa.dbl:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\cc_20100219_120144.reg:SummaryInformation
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Owner\Desktop\License Agreement.html:AFP_AfpInfo
< End of report >
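A log of this length is easier to triage with a small parser than by eye. The script below is an added example written for this page; it is not part of OTL, not OldTimer's code and not something the poster ran. It assumes only the entry layout visible in the report above (`[date time | size | RHSD attrs | C or M] (Company) -- path` for the file sections and `@Alternate Data Stream - N bytes -> path:stream` for the ADS section). The embedded sample text is a handful of lines copied from the report above, so it runs offline. The two triage rules are deliberately coarse candidate generators, not verdicts: they pull out binaries under C:\WINDOWS that carry no company string and any .sys file outside System32\drivers, and a human still has to reconcile the hits with the cleanup tools that were knowingly run (for instance sed.exe was created in the same minute as the NirSoft and SteelWerX helpers and the C:\Qoobox folder, which points at a cleanup tool rather than the infection).

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Matches OTL file/folder entries, e.g.
# [2010/03/14 09:20:00 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
# The "(Company) " group is optional because folder entries carry no company field.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Matches OTL alternate data stream entries; the stream name follows the last colon.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str      # R H S D flags, '-' where unset
    kind: str       # 'C' = created, 'M' = modified section
    company: str    # '' when OTL prints () or ( )
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"


@dataclass
class AdsEntry:
    size: int
    path: str
    stream: str


def parse_entry(line: str) -> Optional[FileEntry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_ads(line: str) -> Optional[AdsEntry]:
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    return AdsEntry(size=int(m["size"]), path=m["path"], stream=m["stream"])


def parse_report(text: str) -> Tuple[List[FileEntry], List[AdsEntry]]:
    """Walk a pasted OTL report and collect file entries and ADS entries; other lines are ignored."""
    entries: List[FileEntry] = []
    streams: List[AdsEntry] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
            continue
        ads = parse_ads(line)
        if ads is not None:
            streams.append(ads)
    return entries, streams


BINARY_EXT = (".exe", ".dll", ".sys")


def triage(entries: List[FileEntry]) -> List[Tuple[str, str]]:
    """Heuristic review candidates (path, reason); every hit still needs a human decision."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if not low.endswith(BINARY_EXT):
            continue
        if low.startswith("c:\\windows\\") and not e.company:
            findings.append((e.path, "binary in Windows tree with no company name"))
        if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
            findings.append((e.path, "driver file outside System32\\drivers"))
    return findings


# Constructed sample: a few lines copied verbatim from the report above.
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 09:20:00 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/12 00:13:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/12 00:11:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2009/04/09 19:31:44 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2009/03/28 06:17:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files Created - No Company Name ==========

[2010/03/12 00:13:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpa.dbl:SummaryInformation
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Owner\Desktop\License Agreement.html:AFP_AfpInfo
< End of report >
"""

if __name__ == "__main__":
    files, ads = parse_report(SAMPLE)
    for path, reason in triage(files):
        print(f"REVIEW  {path}  ({reason})")
    for a in ads:
        print(f"ADS     {a.path}:{a.stream}  {a.size} bytes")
```

Pasting the full report into `SAMPLE` instead of the excerpt gives the complete candidate list; the ADS entries here (`SummaryInformation`, `AFP_AfpInfo`) are the small metadata streams Explorer and Mac file sharing attach to ordinary files, which is why the parser reports their size: a stream of a few dozen bytes is not where executable content hides.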