Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect, Antivir Pro, Antimalware Doctor


  • This topic is locked This topic is locked
9 replies to this topic

#1 CSC1836

CSC1836

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 31 July 2010 - 02:48 AM

I am getting a horrible redirect upon Google searches. Yahoo and others seem to be ok. This seems to have stemmed from my comp being infiltrated by Antivir, Antimalware Doctor, and a few other malware programs all attacking at once. I believe I have gotten rid of most of the fake antivirus protection programs but I am still getting this Google redirect. I have a feeling that there is something more sinister going on than this redirect. I have run MBAM, Spybot, and Avast. Any help will be greatly appreciated. Here is my HJT log.

For some reason I cannot post the DDS log. Hmmm. Keeps Saying the connection was reset.

Edited by CSC1836, 31 July 2010 - 02:57 AM.


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 31 July 2010 - 07:27 AM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 CSC1836

CSC1836
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 01 August 2010 - 02:28 AM

Thank you very much for your help etavares. Please bear with me through this. I tried to post the OTL log from the infected computer but it would only post certain parts and not the whole log. My browser kept saying that the internect connection had been reset. The following couple of posts were mishaps from the infected computer. I had to e-mail the file to a different computer and then was able to post the entire log.

Edited by CSC1836, 01 August 2010 - 02:47 AM.


#4 CSC1836

CSC1836
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 01 August 2010 - 02:30 AM

fix

Edited by CSC1836, 01 August 2010 - 02:43 AM.


#5 CSC1836

CSC1836
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 01 August 2010 - 02:34 AM

fix

Edited by CSC1836, 01 August 2010 - 02:43 AM.


#6 CSC1836

CSC1836
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 01 August 2010 - 02:42 AM

OTL logfile created on: 8/1/2010 1:46:00 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.68 Gb Total Space | 23.45 Gb Free Space | 34.65% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.95 Gb Free Space | 72.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-84964ECD5B
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 22:24:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\Defogger.exe
PRC - [2010/07/31 03:15:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\OTL.exe
PRC - [2010/07/30 22:06:36 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/07/22 17:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/30 00:46:12 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/06 21:29:47 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/12/12 13:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/07/16 14:20:51 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/28 16:19:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/08/24 07:51:18 | 000,442,455 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2004/08/30 15:43:32 | 000,293,888 | ---- | M] (KsL Software) -- C:\Program Files\RFA\rfagent.exe
PRC - [2004/06/03 03:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe


========== Modules (SafeList) ==========

MOD - [2010/07/31 03:15:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\OTL.exe
MOD - [2009/11/24 17:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/06/03 09:23:28 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
MOD - [2004/08/30 15:43:32 | 000,018,944 | ---- | M] (KsL Software) -- C:\Program Files\RFA\agenth.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/12/12 13:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 13:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/12/12 13:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/07/16 14:20:51 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/03/18 04:35:23 | 000,077,312 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\LxrSG20s.exe -- (LxrSG20s)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/28 16:19:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/27 14:50:20 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/09/15 05:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 05:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 05:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/10 13:09:32 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/07/08 23:51:42 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/20 02:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/18 04:35:23 | 000,068,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LxrSG20d.sys -- (LxrSG20d)
DRV - [2007/01/31 06:45:00 | 001,050,784 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/20 07:00:10 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2005/10/28 11:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(Hawking)) Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/04/28 08:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 05:46:42 | 000,350,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/04/20 05:45:48 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/04/17 18:26:00 | 000,230,912 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/02/11 07:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/01 13:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/25 17:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 17:26:32 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/01/25 17:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 09:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/05/07 20:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6441
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6441
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6441
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6441
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-80-0-1t8w4
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4104996263-281836309-753266111-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/31 01:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/31 22:28:32 | 000,000,000 | ---D | M]

[2010/07/31 01:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Mozilla\Extensions
[2010/08/01 01:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Mozilla\Firefox\Profiles\aajm9cfn.default\extensions
[2010/07/31 01:02:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Mozilla\Firefox\Profiles\aajm9cfn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/01 01:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/26 17:41:27 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/07/31 03:04:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/31 03:03:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2008/07/19 00:07:01 | 000,253,037 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8814 more lines...
O2 - BHO: (adShotHlpr Object) - {1B659070-8C71-4CBF-8B27-77BE94851BC4} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {C2BA40A2-75F1-51BD-F413-04B15A2C8950} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (PeoplePal Toolbar) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4104996263-281836309-753266111-1006\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\utaep.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [rfagent] C:\Program Files\RFA\rfagent.exe (KsL Software)
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-4104996263-281836309-753266111-1006..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4104996263-281836309-753266111-1006..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-4104996263-281836309-753266111-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKU\S-1-5-21-4104996263-281836309-753266111-1006..\Run: [Yahoo! Pager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4104996263-281836309-753266111-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1153335068400 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {C2BA40A2-75F1-51BD-F413-04B15A2C8950} - jkzoiefu9s3huishf87efushdjkfgyuisfiud - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/23 04:00:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{f7ca894c-464c-11dd-a39f-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ca894c-464c-11dd-a39f-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "MpfService"
MsConfig - Services: "McProxy"
MsConfig - Services: "McODS"
MsConfig - Services: "McAfee SiteAdvisor Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk - C:\Program Files\Hawking\HWU8DD\HWU8DD.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe - (Motive Communications, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner.YOUR-84964ECD5B^Start Menu^Programs^Startup^Antimalware Doctor.lnk - C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\48094F9DEB8484A822EAE6F65F023D4B\releaseversion70700.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner.YOUR-84964ECD5B^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/31 03:16:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\OTL.exe
[2010/07/31 03:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/31 03:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/31 03:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/31 03:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/31 03:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/07/31 03:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/31 03:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/07/31 03:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/31 03:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/31 01:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/30 22:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\Temp
[2010/07/29 22:42:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Recent
[2010/07/27 19:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\RFA
[2010/07/27 18:53:32 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/27 18:53:31 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/27 18:53:30 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/27 18:53:29 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/07/27 18:53:27 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/27 18:53:27 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/27 18:53:27 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/27 18:53:27 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/27 18:53:03 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/27 18:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/26 17:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/26 17:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/26 17:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Street-Ads
[2010/07/26 17:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\{20F6C565-4FB9-4970-81E8-52C44585D34A}
[2010/07/26 17:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Sky-Banners
[2010/07/26 17:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\jtffleyol
[2010/07/26 17:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/26 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\48094F9DEB8484A822EAE6F65F023D4B
[2010/06/30 02:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/06/30 02:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2010/05/18 00:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/05/17 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/01 01:41:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/08/01 01:38:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 01:38:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4104996263-281836309-753266111-1006.job
[2010/08/01 01:38:00 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/08/01 01:37:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 01:37:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/01 01:37:37 | 2078,593,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 01:11:21 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4104996263-281836309-753266111-1006UA.job
[2010/07/31 22:33:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\gmer.zip
[2010/07/31 22:26:50 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\NTUSER.DAT
[2010/07/31 22:26:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\ntuser.ini
[2010/07/31 22:25:58 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\defogger_reenable
[2010/07/31 22:24:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\Defogger.exe
[2010/07/31 03:15:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\OTL.exe
[2010/07/31 03:13:20 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/07/31 03:13:20 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/07/31 02:45:15 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\HiJackThis.lnk
[2010/07/31 01:00:19 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/31 01:00:19 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/31 00:54:18 | 000,000,651 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/31 00:54:18 | 000,000,301 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/31 00:54:18 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/07/30 22:21:06 | 000,002,412 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\Google Chrome.lnk
[2010/07/30 22:21:06 | 000,002,390 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/30 22:11:03 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4104996263-281836309-753266111-1006Core.job
[2010/07/29 03:10:29 | 000,002,683 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/27 19:55:13 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry First Aid.lnk
[2010/07/27 19:43:12 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 18:53:33 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/07/26 18:10:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\gdebkte.sys
[2010/07/26 17:44:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hmahepovax.dat
[2010/07/26 17:44:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rpimanofowaceh.bin
[2010/07/26 17:43:33 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/13 19:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\utaep.exe
[2010/07/12 20:50:33 | 004,660,816 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\rectangle.loom.pdf
[2010/06/30 10:38:03 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 01:09:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4104996263-281836309-753266111-1006.job
[2010/06/29 01:07:31 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/23 22:32:10 | 000,503,510 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 22:32:10 | 000,442,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 22:32:10 | 000,071,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/17 01:42:54 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 22:27:33 | 000,976,747 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\Campus%20Map%20v2.pdf
[2010/05/24 15:54:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/18 08:57:06 | 000,073,196 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\ABILIFY® (aripiprazole) Maj...tif
[2010/05/17 22:11:49 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/17 13:41:16 | 001,129,820 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\calendar_2007-03.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 22:33:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\gmer.zip
[2010/07/31 22:25:52 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\defogger_reenable
[2010/07/31 22:24:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\Defogger.exe
[2010/07/31 03:13:20 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/07/31 03:13:20 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/07/31 01:23:43 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\HiJackThis.lnk
[2010/07/31 01:00:19 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/31 01:00:19 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/31 00:47:42 | 2078,593,024 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/30 22:21:06 | 000,002,390 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/30 22:21:05 | 000,002,412 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Desktop\Google Chrome.lnk
[2010/07/30 22:06:47 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4104996263-281836309-753266111-1006UA.job
[2010/07/30 22:06:45 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4104996263-281836309-753266111-1006Core.job
[2010/07/27 19:55:13 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry First Aid.lnk
[2010/07/27 18:53:33 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/07/27 18:53:03 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/07/26 17:44:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hmahepovax.dat
[2010/07/26 17:44:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rpimanofowaceh.bin
[2010/07/26 17:42:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gdebkte.sys
[2010/07/26 17:41:59 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/07/26 17:41:36 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/13 19:43:22 | 000,040,581 | ---- | C] () -- C:\WINDOWS\System32\utaep.exe
[2010/07/12 20:50:33 | 004,660,816 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\rectangle.loom.pdf
[2010/06/29 01:08:49 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4104996263-281836309-753266111-1006.job
[2010/06/29 01:08:48 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4104996263-281836309-753266111-1006.job
[2010/06/08 22:27:33 | 000,976,747 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\Campus%20Map%20v2.pdf
[2010/05/18 08:57:05 | 000,073,196 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\ABILIFY® (aripiprazole) Maj...tif
[2010/05/17 22:11:49 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/17 13:41:16 | 001,129,820 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\My Documents\calendar_2007-03.pdf
[2009/10/27 14:50:20 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/02/23 01:19:07 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/01/05 01:43:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/15 15:04:16 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/08 21:17:03 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/08/08 21:17:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/07/30 02:21:12 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/30 02:21:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/30 02:19:54 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/07/30 02:05:22 | 000,004,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/19 23:31:36 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\zonzhx.dll
[2008/07/19 00:26:43 | 000,000,311 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/15 21:12:53 | 000,700,995 | -HS- | C] () -- C:\WINDOWS\System32\gkatsjaw.ini
[2008/07/15 18:29:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/07/15 18:29:26 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/07/09 21:49:13 | 000,000,045 | ---- | C] () -- C:\WINDOWS\INSTALL.INI
[2008/07/09 00:09:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/09 00:09:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/09/06 18:16:08 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LxrSG20.dll
[2006/09/06 18:16:08 | 000,068,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSG20d.sys
[2006/08/02 19:55:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2006/07/30 20:09:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LxrConfig.INI
[2006/07/20 14:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2006/05/28 16:21:37 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/05/28 16:07:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/23 06:14:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/23 02:13:49 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/23 02:13:49 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 14:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/05/28 16:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/07/22 12:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2009/05/17 20:46:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/02 00:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/01/02 00:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2008/09/10 20:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/01/02 00:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/08/24 17:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/01/26 23:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/30 02:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2009/01/02 00:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/07/27 17:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008/07/31 21:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/05/28 16:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/07/19 18:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2009/10/05 13:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/07/27 17:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\48094F9DEB8484A822EAE6F65F023D4B
[2009/03/22 07:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Any Video Converter
[2006/08/07 16:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\AVG7
[2010/07/29 10:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\BitTorrent
[2008/07/09 02:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\BitZipper
[2008/07/08 23:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\DAEMON Tools
[2010/08/01 01:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\DNA
[2009/04/07 09:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Folding@home-x86
[2009/01/02 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Nikon
[2009/10/24 00:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\PokerCreations
[2010/03/23 21:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Research In Motion
[2006/05/28 16:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\SampleView
[2010/07/26 17:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Sky-Banners
[2008/10/12 18:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\SPORE Creature Creator
[2010/07/26 17:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Street-Ads
[2006/07/19 14:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Template
[2009/10/24 00:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\UFC Poker
[2008/12/11 22:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Unity
[2008/07/31 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Viewpoint
[2008/08/15 00:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Vso
[2008/12/26 04:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-84964ECD5B\Application Data\Xilisoft Corporation
[2010/08/01 01:41:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/11/22 19:48:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/11/22 19:48:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/11/22 19:48:04 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2006/05/28 16:10:20 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2005/11/23 04:00:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/28 16:23:35 | 000,000,167 | ---- | M] () -- C:\bcmwl5.log
[2010/07/31 00:54:18 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/11/23 04:00:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/22 08:53:35 | 000,627,712 | -HS- | M] () -- C:\ehthumbs.db
[2010/08/01 01:37:37 | 2078,593,024 | -HS- | M] () -- C:\hiberfil.sys
[2005/11/23 04:00:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/10 20:59:54 | 000,002,173 | -H-- | M] () -- C:\IPH.PH
[2010/07/31 03:08:01 | 000,000,165 | ---- | M] () -- C:\JavaRa.log
[2005/11/23 04:00:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/10 19:52:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/01 01:37:34 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2010/07/31 03:35:18 | 000,000,450 | ---- | M] () -- C:\rkill.log
[2006/05/28 16:11:14 | 000,000,191 | ---- | M] () -- C:\touchpad.log
[2008/07/20 00:58:20 | 000,000,137 | ---- | M] () -- C:\VundoFix.txt
[2010/07/26 17:43:33 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/10 19:44:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/10 19:44:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/10 19:44:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/10 19:44:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 13:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 10:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 13:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/10 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15C56B30
< End of report >


#7 CSC1836

CSC1836
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 01 August 2010 - 03:49 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 03:36:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\kfqdrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAF5FE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAF5FE574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAF5FEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAF5FE14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAF5FE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAF5FE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAF5FE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAF5FE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAF5FE72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAF5FE8AE]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B81D316D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B81D2FC2

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2470 80501CA8 4 Bytes JMP E4B4AF5F
.text ntkrnlpa.exe!ZwCallbackReturn + 2748 80501F80 4 Bytes CALL 94C8CEE4
.rsrc C:\WINDOWS\system32\drivers\compbatt.sys entry point in ".rsrc" section [0xBA4BE214]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB8976EBF]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA5279400, 0x7960C, 0xE8000020]
.protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".p" section [0xA531B420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".p" section [0xA531B420]
.protect’’’’hardlockunknown last code section [0xA531B200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA531B200, 0x5049, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1216] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[1216] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[2204] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2204] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A803EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x79 0x90 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x79 0x90 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x79 0x90 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x79 0x90 0x4A ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\compbatt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 01 August 2010 - 06:29 AM

Hello, CSC1836.
Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.






Viewpoint (foistware) Warning"

I see Viewpoint is installed on your machine. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to the Control Panel, then Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.






You also have "Search Toolbar" installed which is adware/spyware. I suggest you remove it via Add/Remove Programs.



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Download and run HAMeb_check.exe
Post the contents of the resulting log.



Step 3

Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares

EDIT: typo

Edited by etavares, 01 August 2010 - 06:29 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 07 August 2010 - 05:57 AM

still with me?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:58 PM

Posted 12 August 2010 - 06:00 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users