
backdoor.tdss.565


  • This topic is locked
18 replies to this topic

#1 Sivvi

Sivvi

  • Members
  • 9 posts

Posted 28 June 2011 - 02:35 PM

First, thank you in advance for your time and attention to help me solve this issue.

So, my old roommate took over my old desktop for the past couple years, and now I've returned to it to find it riddled with viruses, but one that seems to be impossible for me to shake on my own.

Whatever it is (Dr Web called it backdoor.tdss.565), I figure it's running under an svchost. The svchost in question will sometimes be using over 3GB of system memory (often over 100 times the next closest process), which makes it pretty obvious. It also uses about 50% of my CPU, which is far beyond anything I've ever seen before.

I've run avast, SBS&D, MWBAM, ad-aware, drweb cureit, kaspersky (only the virus removal tool, as the main program fails to load, telling me to run the virus removal tool again), spyware terminator, and I've gone through my HJT log several times googling every process. So, long story short, I hope you can help :)

Symptoms: Very slow system speed. New tabs open up randomly while web browsing directing me to ads. Sometimes the internet is completely unavailable via either of my browsers (Opera and IE). When searching for specific things via google, like windows updates, or answers to questions about viruses, instead of going to my chosen link I'm redirected to some scam sites that are set up to look like a microsoft site, or an antivirus site. Some are cheesy and obvious, some are good enough that it's shocking. Windows Update is completely crippled. Clicking on it does nothing, and trying to even see a cached page of anything close to a real microsoft webpage is blocked by whatever virus this is. I can kill the svchost process in question from the task manager, but it starts right back up using similar system resources as other processes, but eventually ramps up to at least a few hundred mbs of memory in use. Every antivirus program I've run claims to have found and fixed the problem, but the only real result I had was with DrWeb, after running a complete scan, but before rebooting, windows update kicked on finally and showed me scores of updates before crashing and the svchost process starting up again.

I noticed that a lot of programs and logs are saying I have AVG 2011 installed, but it has been uninstalled for a couple months now.

When using gmer, it did not give me the option to change the file extension or enter my own, the only option was to save it as a .log. I'm not sure if that indicates I missed something somewhere or not.

Following is the DDS log requested in the preparation guide:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Travis at 4:12:10 on 2011-06-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.3062.2194 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera 9\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mStart Page = www.google.ca
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [cdloader] "c:\documents and settings\travis.prime-c0912bdd6\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [avp6_post_install] msiexec.exe /i"c:\documents and settings\travis.prime-c0912bdd6\desktop\av\kavkis.msi" SKIPPRODUCTCHECK=1 REINSTALL="ALL" REINSTALLMODE="voums"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
uPolicies-explorer: ExSearchOptions = 170970 (0x29bda)
uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266108105562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266107960812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7BEC5A5F-E23D-4D2B-9E0C-B033B072BC87} : DhcpNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 95406822;95406822 Boot Guard Driver;c:\windows\system32\drivers\95406822.sys [2011-6-27 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-17 64512]
R1 95406821;95406821;c:\windows\system32\drivers\95406821.sys [2011-6-27 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-8 307928]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-6-20 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-8 42184]
R4 setup_9.0.0.722_28.06.2011_01-11drv;setup_9.0.0.722_28.06.2011_01-11drv;c:\windows\system32\drivers\9540682.sys --> c:\windows\system32\drivers\9540682.sys [?]
RUnknown DwProt;DwProt; [x]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-7-8 347648]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-17 2151128]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-17 15232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVGIDSDriver;AVGIDSDriver; [x]
S4 AVGIDSEH;AVGIDSEH; [x]
S4 AVGIDSFilter;AVGIDSFilter; [x]
S4 AVGIDSShim;AVGIDSShim; [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver; [x]
S4 Avgtdix;AVG TDI Driver; [x]
.
=============== Created Last 30 ================
.
2011-06-28 05:07:03 -------- d-sha-r- C:\cmdcons
2011-06-28 04:10:25 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 04:10:24 98816 ----a-w- c:\windows\sed.exe
2011-06-28 04:10:24 518144 ----a-w- c:\windows\SWREG.exe
2011-06-28 04:10:24 256512 ----a-w- c:\windows\PEV.exe
2011-06-27 21:42:17 37392 ----a-w- c:\windows\system32\drivers\95406822.sys
2011-06-27 21:42:17 128016 ----a-w- c:\windows\system32\drivers\95406821.sys
2011-06-27 19:55:12 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-27 19:10:03 -------- d-----w- c:\documents and settings\all users.windows\application data\Kaspersky Lab Setup Files
2011-06-27 08:07:56 -------- d-----w- c:\documents and settings\travis.prime-c0912bdd6\DoctorWeb
2011-06-27 06:56:17 388096 ----a-r- c:\documents and settings\travis.prime-c0912bdd6\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-27 06:56:17 -------- d-----w- c:\program files\Trend Micro
2011-06-23 20:03:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-23 16:24:13 -------- d-----w- c:\documents and settings\travis.prime-c0912bdd6\local settings\application data\Sunbelt Software
2011-06-20 20:51:03 -------- d-----w- c:\program files\WinClamAVShield
2011-06-20 20:48:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-20 20:48:08 -------- d-----w- c:\documents and settings\all users.windows\application data\Spybot - Search & Destroy
2011-06-20 20:45:31 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-06-20 20:45:31 -------- d-----w- c:\documents and settings\travis.prime-c0912bdd6\application data\Spyware Terminator
2011-06-20 20:45:29 -------- d-----w- c:\documents and settings\all users.windows\application data\Spyware Terminator
2011-06-20 20:45:28 -------- d-----w- c:\program files\Spyware Terminator
2011-06-17 18:24:24 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-17 18:21:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-11 20:03:31 -------- d-----w- c:\documents and settings\travis.prime-c0912bdd6\application data\Malwarebytes
2011-06-11 20:02:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 20:02:28 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
2011-06-11 20:02:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 20:02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-09 00:12:38 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-09 00:12:27 40112 ----a-w- c:\windows\avastSS.scr
2011-06-09 00:12:20 -------- d-----w- c:\program files\AVAST Software
2011-06-09 00:12:20 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software
2011-05-30 11:14:29 -------- d-----w- c:\documents and settings\travis.prime-c0912bdd6\application data\Stardock
2011-05-30 09:26:40 -------- d-----w- c:\documents and settings\all users.windows\application data\Gibraltar
2011-05-30 05:58:41 -------- d-----w- c:\program files\common files\DivX Shared
2011-05-30 05:49:56 -------- d-----w- c:\documents and settings\all users.windows\application data\DivX
.
==================== Find3M ====================
.
2011-06-24 18:23:48 26112 ----a-w- c:\windows\system32\userinit.exe
2011-05-04 10:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 08:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA09730]<<
c:\docume~1\travis~1.pri\locals~1\temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aa0fa10]; MOV EAX, [0x8aa0fa8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AACBAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x8AA88948]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AA4DB00]
\Driver\atapi[0x8AAF3288] -> IRP_MJ_CREATE -> 0x8AA09730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA0957B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 4:17:14.82 ===============
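The DDS log above is what a helper reads first, and a few of its conventions carry most of the signal: two AV products both reporting *Enabled* after one was uninstalled, a process listed without a full path, services marked `[x]` (file missing) or `[?]` (file unverifiable), and gmer's disk-stack trace ending in an `>>UNKNOWN` module, a hooked `DriverStartIo`, and a `Warning:` line. As an added example (not code from the original post, from DDS, or from any BleepingComputer tool), the Python script below pulls exactly those lines out of a DDS.txt. It assumes the section headers and line formats DDS prints; the embedded sample log is constructed from a handful of the poster's lines so that it runs offline.

```python
"""Triage of a DDS.txt log like the one posted above. Added example for
this page, not a BleepingComputer or DDS tool: it groups lines under the
'=== NAME ===' headers DDS prints and returns the entries a helper would
look at first. SAMPLE_DDS is constructed, abbreviated from the poster's log."""
import re
from collections import OrderedDict

# Constructed sample: a few lines in the formats DDS actually prints.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-17 64512]
R4 setup_drv;setup_drv;c:\windows\system32\drivers\9540682.sys --> c:\windows\system32\drivers\9540682.sys [?]
RUnknown DwProt;DwProt; [x]
S4 Avgtdix;AVG TDI Driver; [x]
.
=================== ROOTKIT ====================
.
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA09730]<<
\Driver\atapi[0x8AAF3288] -> IRP_MJ_CREATE -> 0x8AA09730
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA0957B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 4:17:14.82 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HOOK_RE = re.compile(r"\b(DriverStartIo|IRP_MJ_\w+)\b\s*->")


def split_sections(text):
    """Group non-empty lines under the '=== NAME ===' header they follow.
    Lines before the first header (the AV:/FW: registrations) go under 'HEADER'."""
    sections = OrderedDict(HEADER=[])
    current = "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip() in ("", "."):  # DDS separates blocks with a lone '.'
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return (category, detail) findings worth checking before anything else."""
    sections = split_sections(text)
    findings = []

    # More than one AV reporting *Enabled*: often a stale Security Center
    # registration left behind by an uninstall (the poster says AVG is gone),
    # and two live kernel filters also compete for the same I/O.
    enabled_av = [l for l in sections["HEADER"]
                  if l.startswith("AV:") and "*Enabled" in l]
    if len(enabled_av) > 1:
        findings.append(("multiple-av", f"{len(enabled_av)} AV products report Enabled"))

    # A process DDS could not resolve to a full path needs pinning down.
    for l in sections.get("Running Processes", []):
        if not DRIVE_PATH_RE.match(l):
            findings.append(("process-no-path", l))

    # [x] = registered service/driver whose file is missing on disk;
    # [?] = file DDS could not read or verify. Both need an explanation.
    for l in sections.get("SERVICES / DRIVERS", []):
        name = l.split(";")[0]
        if l.endswith("[x]"):
            findings.append(("service-file-missing", name))
        elif l.endswith("[?]"):
            findings.append(("service-file-unverified", name))

    # gmer's disk-stack trace: an unnamed module in the I/O path, a hooked
    # atapi DriverStartIo / IRP handler, or an explicit warning line.
    for l in sections.get("ROOTKIT", []):
        if ">>UNKNOWN" in l:
            findings.append(("unknown-module-in-disk-stack", l))
        elif HOOK_RE.search(l):
            findings.append(("hook", l))
        elif l.startswith("Warning:"):
            findings.append(("gmer-warning", l))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:30} {detail}")
```

Run against a real DDS.txt by reading the file into `triage()`. The categories are deliberately coarse: a `[?]` entry may be a scanner's own temporary driver and an `[x]` entry a leftover from an uninstall, so each finding is a question to answer, not a verdict, which is how a helper reads the log as well.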



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts

Posted 02 July 2011 - 11:52 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delay in responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Sivvi

Sivvi
  • Topic Starter

  • Members
  • 9 posts

Posted 02 July 2011 - 03:04 PM

Hi ST, thank you for your time and effort, I hope we can beat this thing. Since posting I've left the computer (and situation) completely untouched. Regardless of the outcome, I will maintain communication and not waste your time, I appreciate the volunteer nature of your work here.

To begin with, I must semi-regularly end the svchost process while completing these steps, otherwise the computer freezes. Usually general activities like opening folders become impossible at around 2gb of system memory being used by the process.

As follows are the reports requested:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB5E70000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0xABB9F000 C:\WINDOWS\system32\DRIVERS\95406821.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB22E8000 C:\WINDOWS\system32\drivers\sthda.sys 1216512 bytes (IDT, Inc., IDT PC Audio)
0xB7E5B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAC0BF000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xAC1B5000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAC2E3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAACB7000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAC36F000 C:\WINDOWS\system32\DRIVERS\9540682.sys 331776 bytes
0xAC12F000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA316000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAC179000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB5E23000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 233472 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xAA0CF000 C:\DOCUME~1\TRAVIS~1.PRI\LOCALS~1\Temp\lo4vZ33y.sys 208896 bytes
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7E2E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9B60000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAC225000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB5DD7000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAC295000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAC2BD000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xABB7B000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB22C4000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB5DFF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5DB4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC250000 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0xAC273000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAA12D000 C:\WINDOWS\system32\drivers\dwprot.sys 131072 bytes
0xB7F11000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7E14000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA9CCE000 C:\DOCUME~1\TRAVIS~1.PRI\LOCALS~1\Temp\kfxyrpow.sys 102400 bytes
0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xABB63000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAB04D000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7EE8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5D89000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAAC7A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB5DA0000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB5E5C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC33C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB5D78000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAF6C4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB8268000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAEBAD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB11F6000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB8228000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8138000 95406822.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB82E8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB8308000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB784E000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB8158000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB29F1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8318000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB6971000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB6951000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB786E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA9DF7000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB77DE000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8298000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB2A01000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8128000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB2A11000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8450000 C:\DOCUME~1\TRAVIS~1.PRI\LOCALS~1\Temp\catchme.sys 32768 bytes
0xB8388000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB6A75000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB6A65000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB8408000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB68AD000 C:\DOCUME~1\TRAVIS~1.PRI\LOCALS~1\Temp\mbr.sys 28672 bytes
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8480000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xAFF0F000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB6A5D000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB68D5000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB6A7D000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB8438000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8390000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xB83A0000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB6A6D000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 20480 bytes (GEAR Software Inc., CD DVD Filter)
0xB8448000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB6A4D000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB6A45000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB6A55000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAF181000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB6ADE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB6AEE000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAFEB7000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB69F7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAC7AB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8A9C0000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAC579000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB6AEA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xACA34000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85F2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85B0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB85F0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85F4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8640000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB85DA000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xB85F6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85EC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8626000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8715000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8727000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB86F1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x882CE008 unknown_irp_handler 4088 bytes
0x882B31C0 unknown_irp_handler 3648 bytes
0x88280258 unknown_irp_handler 3496 bytes
0x88282488 unknown_irp_handler 2936 bytes
!!!!!!!!!!!Hidden driver: 0x8AA0957B ?_empty_? 2693 bytes
0x88379770 unknown_irp_handler 2192 bytes
0x884B47C8 unknown_irp_handler 2104 bytes
0x876969E8 unknown_irp_handler 1560 bytes
0x876C8A68 unknown_irp_handler 1432 bytes
0x883AAAC8 unknown_irp_handler 1336 bytes
0x88A6FAF0 unknown_irp_handler 1296 bytes
0x884DFB08 unknown_irp_handler 1272 bytes
0x88A9AB80 unknown_irp_handler 1152 bytes
0x8838ECE8 unknown_irp_handler 792 bytes
0x875A1E08 unknown_irp_handler 504 bytes
==============================================
>Stealth
==============================================
0xB7F31000 WARNING: suspicious driver modification [atapi.sys::0x8AA0957B]


OTL logfile created on: 02/07/2011 12:49:22 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.33% Memory free
7.32 Gb Paging File | 6.21 Gb Available in Paging File | 84.85% Paging File free
Paging file location(s): C:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 173.53 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive H: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 17.59 Mb Total Space | 17.32 Mb Free Space | 98.44% Space Free | Partition Type: FAT

Computer Name: PRIME-C0912BDD6 | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/02 12:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV\OTL.exe
PRC - [2011/06/24 03:23:35 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera 9\opera.exe
PRC - [2011/05/10 06:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/02 12:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV\OTL.exe
MOD - [2011/05/10 06:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/20 14:45:31 | 000,496,128 | ---- | M] (Crawler.com) [On_Demand | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/06/17 02:00:28 | 002,151,128 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/10 06:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- -- (setup_9.0.0.722_28.06.2011_01-11drv)
DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/06/20 14:45:31 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/06/17 02:00:30 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/17 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/10 06:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 06:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 06:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 06:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 05:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 05:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 05:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\95406822.sys -- (95406822)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\95406821.sys -- (95406821)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/03/18 02:54:29 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/09/26 11:43:15 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/09/26 11:43:13 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/09 10:40:20 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/07/05 16:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/08 05:10:44 | 000,347,648 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2005/12/02 03:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\


Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Baeb\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ExSearchOptions = 170970
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266108105562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266107960812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Travis.PRIME-C0912BDD6\My Documents\My Pictures\darchigh.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Travis.PRIME-C0912BDD6\My Documents\My Pictures\darchigh.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/15 17:58:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/29 07:13:53 | 000,575,080 | R--- | M] (magicJack L.P.) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 07:13:53 | 000,016,158 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 07:13:53 | 000,000,308 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/01/04 18:17:30 | 000,000,270 | ---- | M] () - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 12:46:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/27 23:07:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/27 22:10:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 22:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 22:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 22:10:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 22:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/27 22:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/27 15:42:17 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\95406821.sys
[2011/06/27 15:42:17 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\95406822.sys
[2011/06/27 15:26:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Recent
[2011/06/27 13:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV
[2011/06/27 13:55:12 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/27 13:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
[2011/06/27 02:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\DoctorWeb
[2011/06/27 00:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/27 00:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Start Menu\Programs\HiJackThis
[2011/06/23 10:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\Sunbelt Software
[2011/06/20 14:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2011/06/20 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/20 14:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/06/20 14:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Spyware Terminator
[2011/06/20 14:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
[2011/06/20 14:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/06/20 14:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiVirus
[2011/06/20 14:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Start Menu\Programs\AntiVirus
[2011/06/17 12:30:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/17 12:30:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/17 12:30:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/17 12:24:24 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/17 12:21:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/06/11 14:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Malwarebytes
[2011/06/11 14:02:29 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/11 14:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/06/11 14:02:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/11 14:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/08 18:12:41 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/08 18:12:41 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/08 18:12:39 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/08 18:12:39 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/08 18:12:38 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/08 18:12:38 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/08 18:12:38 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/08 18:12:37 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/08 18:12:27 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/08 18:12:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/08 18:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/08 18:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[49 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/02 12:50:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/28 08:39:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4400 series.job
[2011/06/28 04:10:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\defogger_reenable
[2011/06/28 03:20:08 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\HiJackThis.lnk
[2011/06/28 02:15:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 23:07:11 | 000,000,471 | RHS- | M] () -- C:\boot.ini
[2011/06/27 22:07:06 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2011/06/27 22:05:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 13:55:11 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/27 13:23:16 | 000,001,077 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\magicJack.lnk
[2011/06/27 12:24:44 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/27 12:24:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/27 12:24:20 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/24 03:23:37 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/24 03:23:37 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
[2011/06/20 14:45:31 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/06/17 12:24:24 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/17 12:24:23 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/17 02:00:30 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/06/13 01:55:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/13 01:40:56 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/06/08 18:12:38 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[49 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 04:10:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\defogger_reenable
[2011/06/27 23:07:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/27 22:10:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 22:10:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 22:10:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 22:10:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 22:10:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 00:56:17 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\HiJackThis.lnk
[2011/06/24 03:23:37 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/24 03:23:37 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
[2011/06/24 03:23:37 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
[2011/06/23 14:03:23 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/20 14:45:31 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/06/20 14:40:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/20 14:40:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/17 12:22:04 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/13 01:40:56 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2010/11/23 20:36:05 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/23 20:36:01 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/23 20:36:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/31 01:10:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/07/10 06:38:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/04 09:27:49 | 000,148,185 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/02/04 09:27:49 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/12/16 21:28:34 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2009/05/05 08:40:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lgcenter.ini
[2009/03/05 17:12:56 | 000,002,389 | -H-- | C] () -- C:\WINDOWS\ts.ini
[2008/11/11 12:00:24 | 000,353,792 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
[2008/11/11 12:00:24 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
[2008/10/08 03:26:40 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/23 16:06:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/19 15:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/11 22:45:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/01 14:52:06 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02A.ini
[2008/07/08 17:37:26 | 000,149,544 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2008/05/10 01:36:43 | 000,000,204 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2008/04/24 00:32:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/06 00:06:40 | 000,035,902 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/03/21 14:05:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/02/14 22:10:33 | 000,000,740 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/01/09 07:37:43 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\fusioncache.dat
[2008/01/08 21:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/01/08 21:26:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/01/08 21:26:12 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/01/08 21:26:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/01/08 21:26:11 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/01/08 21:26:11 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/01/08 21:26:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/01/08 21:26:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\sw20.exe
[2008/01/08 21:26:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sw24.exe
[2008/01/08 14:26:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/08 14:26:09 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/08 11:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/01/08 09:45:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/08 09:41:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/08 02:33:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/08 02:30:59 | 002,019,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/29 17:50:20 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/11/29 17:50:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 15:50:41 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2006/08/11 07:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(6).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(5).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(4).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2006/08/11 07:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,503,308 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,088,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,047,564 | ---- | C] () -- C:\WINDOWS\NTDETECT.COM
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/26 02:45:02 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

< End of report >


OTL Extras logfile created on: 02/07/2011 12:49:22 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.33% Memory free
7.32 Gb Paging File | 6.21 Gb Available in Paging File | 84.85% Paging File free
Paging file location(s): C:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 173.53 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive H: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 17.59 Mb Total Space | 17.32 Mb Free Space | 98.44% Space Free | Partition Type: FAT

Computer Name: PRIME-C0912BDD6 | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera 9\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera 9\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera 9\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter -- (Nero AG)
"C:\Program Files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe" = C:\Program Files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:*:Enabled:Elven Legacy -- (1C:Ino-Co)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\king's bounty - the legend\kb.exe" = C:\Program Files\Steam\steamapps\common\king's bounty - the legend\kb.exe:*:Enabled:King's Bounty: The Legend -- ()
"C:\Program Files\Steam\steamapps\common\king's bounty - the legend\save_fixer.exe" = C:\Program Files\Steam\steamapps\common\king's bounty - the legend\save_fixer.exe:*:Enabled:King's Bounty: The Legend -- ()
"C:\Program Files\Steam\steamapps\common\kings bounty armored princess\kb.exe" = C:\Program Files\Steam\steamapps\common\kings bounty armored princess\kb.exe:*:Enabled:King's Bounty: Armored Princess -- ()
"C:\Program Files\Steam\steamapps\common\puzzle quest\Puzzle Quest.exe" = C:\Program Files\Steam\steamapps\common\puzzle quest\Puzzle Quest.exe:*:Enabled:Puzzle Quest -- ()
"C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\witcher.exe" = C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\witcher.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
"C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\djinni!.exe" = C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\djinni!.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Documents and Settings\Baeb\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Baeb\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Opera 9\opera.exe" = C:\Program Files\Opera 9\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\english\setup.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 2011 Setup -- (Kaspersky Lab)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0167F157-DAB9-46b0-86C4-7C66DDA85B48}" = HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0409c45d-df44-4b98-93b0-572697aa054a}" = F4400
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel® PRO Network Connections
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40B8C652-42EE-479b-94FC-AEDE7F600D1A}_is1" = Elven Legacy: patch 1.0.9.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95966B8A-2B40-4233-B5D3-F838568561D5}" = Intel Audio Studio 2.0
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1D14FC8-FF6E-4700-A501-BCAFD22B7D15}" = ActiveState ActivePython 2.6.0.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63FF0B0-E46B-4628-ABD8-5AC532EC7309}" = Ad-Aware
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{d281ba0e-1617-4a62-bb37-b73671035e36}" = DJ_AIO_05_F4400_Software_Min
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{fd61b663-a436-40f6-bb62-4cfd98c18c12}" = Nero 9
"0000RetrofitMod_is1" = Medieval II - Retrofit Mod version 1.0
"7-Zip" = 7-Zip 4.57
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"Beyond Divinity" = Beyond Divinity
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Divine Divinity" = Divine Divinity
"DivX Setup.divx.com" = DivX Setup
"G-Force" = G-Force
"GOM Player" = GOM Player
"HeavyMetal Plus1.0" = HeavyMetal Plus
"HECI" = Intel® Management Engine Interface
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InfoView" = InfoView
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"i-Speeder" = i-Speeder
"Matroska Pack" = Matroska Pack (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Opera 11.11.2109" = Opera 11.11
"Orion2DeinstKey" = Master of Orion II
"RealAlt_is1" = Real Alternative 1.7.5 Lite
"Spyware Terminator_is1" = Spyware Terminator
"Starcraft" = Starcraft
"Steam App 12500" = Puzzle Quest
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 25900" = King's Bounty: The Legend
"Steam App 3170" = King's Bounty: Armored Princess
"Steam App 400" = Portal
"Steam App 550" = Left 4 Dead 2
"Steam App 63910" = King's Bounty: Crossworlds
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD MPEG-4 Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"magicJack" = magicJack
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/06/2011 5:32:27 AM | Computer Name = PRIME-C0912BDD6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 24/06/2011 5:32:27 AM | Computer Name = PRIME-C0912BDD6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/06/2011 5:32:27 AM | Computer Name = PRIME-C0912BDD6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 27/06/2011 3:14:29 PM | Computer Name = PRIME-C0912BDD6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 27/06/2011 3:14:29 PM | Computer Name = PRIME-C0912BDD6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 27/06/2011 5:24:38 PM | Computer Name = PRIME-C0912BDD6 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV\kavkis.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 27/06/2011 5:31:09 PM | Computer Name = PRIME-C0912BDD6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 27/06/2011 5:31:09 PM | Computer Name = PRIME-C0912BDD6 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\All Users.WINDOWS\Application
Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\english\kavkis.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 27/06/2011 5:34:43 PM | Computer Name = PRIME-C0912BDD6 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\All Users.WINDOWS\Application
Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\english\kavkis.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 28/06/2011 12:02:13 AM | Computer Name = PRIME-C0912BDD6 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\All Users.WINDOWS\Application
Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\english\kavkis.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

[ System Events ]
Error - 27/06/2011 5:41:56 PM | Computer Name = PRIME-C0912BDD6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 28/06/2011 12:03:20 AM | Computer Name = PRIME-C0912BDD6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 28/06/2011 12:04:25 AM | Computer Name = PRIME-C0912BDD6 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28/06/2011 12:05:38 AM | Computer Name = PRIME-C0912BDD6 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 28/06/2011 12:05:42 AM | Computer Name = PRIME-C0912BDD6 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 28/06/2011 12:05:42 AM | Computer Name = PRIME-C0912BDD6 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 28/06/2011 12:05:43 AM | Computer Name = PRIME-C0912BDD6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 28/06/2011 12:05:52 AM | Computer Name = PRIME-C0912BDD6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 28/06/2011 4:15:46 AM | Computer Name = PRIME-C0912BDD6 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 28/06/2011 5:31:45 AM | Computer Name = PRIME-C0912BDD6 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >


At this point, there's been no change to the performance of my computer besides this forum no longer being accessible. I must bounce between computers now.

#4 SweetTech

Posted 02 July 2011 - 04:52 PM

Hi!

Okay, thanks for that information!

Looks like we are dealing with a rootkit infection here.


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - File not found [File_System | Disabled | Running] -- -- (setup_9.0.0.722_28.06.2011_01-11drv)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [49 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Reg
    
    :Files
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: C:\WINDOWS\system32\sw20.exe
  • Click Open
  • Then click Send File
  • If it says already scanned -- click "reanalyze now"
  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please repeat the above process for the following file below:

C:\WINDOWS\system32\sw24.exe

Please post the results in your next reply



NEXT:



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • Java™ 6 Update 3
  • Java™ 6 Update 5
  • Java™ 6 Update 7
  • AVG 2011


NEXT:


AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.


NEXT:


What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
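
The TDSSKiller report SweetTech asks for lists every loaded driver with its MD5 and then flags anything the tool considers forged or a boot-sector infection, followed by the action the user chose for each detection. As an added example (not code from the thread or from Kaspersky's tool), the parser below pulls those findings out of such a log and, in particular, makes it obvious when a detection was left at Skip rather than cured, which is the thing a helper reading a pasted log most needs to notice. The line format assumed is the one TDSSKiller 2.5.x writes (date, time, thread id, message), as it appears in the log posted later in this thread; the function names, the `unresolved` check, the `CLEANING_ACTIONS` set and the sample excerpt are this example's own constructions.

```python
"""Pick the findings out of a TDSSKiller log.

Added example, not code from the thread or from Kaspersky's tool. Assumed
line format (TDSSKiller 2.5.x): "YYYY/MM/DD HH:MM:SS.ffff <thread-id> <message>".
"""
import re
from dataclasses import dataclass, field

_PREFIX = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s*(?P<msg>.*)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
_FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<object> - detected <verdict> (<n>)"
_DETECT = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<verdict>(<object>) - User select action: <action>"
_ACTION = re.compile(r"^(?P<verdict>[\w.]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
# "MBR (0x1B8) (<hash>) \Device\Harddisk0\DR0" and "Boot (0x1200) (<hash>) ...\Partition0"
_SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \((?P<off>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
# "<service name> (<hash>) <path>"; service names can contain spaces
_DRIVER = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Actions that actually remove the object. Only Cure and Skip occur in the
# thread's log; Delete and Quarantine are the tool's other removal choices (assumed here).
CLEANING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class TdssSummary:
    drivers: dict = field(default_factory=dict)       # service name -> (md5, path)
    forged: list = field(default_factory=list)        # (path, real_md5, fake_md5)
    detections: list = field(default_factory=list)    # (object, verdict)
    boot_sectors: list = field(default_factory=list)  # (kind, offset, md5, device)
    actions: list = field(default_factory=list)       # (object, verdict, action)


def parse_tdsskiller_log(text: str) -> TdssSummary:
    """Walk the log once and sort each message into the summary."""
    s = TdssSummary()
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # not a TDSSKiller line (blank line, forum text, banner)
        msg = m["msg"].strip()
        # Order matters: the sector and driver patterns are the loosest.
        if f := _FORGED.match(msg):
            s.forged.append((f["path"], f["real"], f["fake"]))
        elif d := _DETECT.match(msg):
            s.detections.append((d["obj"], d["verdict"]))
        elif a := _ACTION.match(msg):
            s.actions.append((a["obj"], a["verdict"], a["action"]))
        elif b := _SECTOR.match(msg):
            s.boot_sectors.append((b["kind"], b["off"], b["md5"], b["dev"]))
        elif dr := _DRIVER.match(msg):
            s.drivers[dr["name"]] = (dr["md5"], dr["path"])
    return s


def unresolved(summary: TdssSummary) -> list:
    """Detections the user skipped or never acted on: (object, verdict, action)."""
    chosen = {obj: action for obj, _verdict, action in summary.actions}
    return [(obj, verdict, chosen.get(obj))
            for obj, verdict in summary.detections
            if chosen.get(obj) not in CLEANING_ACTIONS]


def report(summary: TdssSummary) -> str:
    """Human-readable triage summary, one finding per line."""
    lines = [f"{len(summary.drivers)} drivers enumerated, {len(summary.detections)} detections"]
    for path, real, fake in summary.forged:
        lines.append(f"FORGED {path}: real md5 {real}, fake md5 {fake}")
    for kind, off, md5, dev in summary.boot_sectors:
        lines.append(f"{kind} {dev} md5 {md5} (offset {off})")
    for obj, verdict, action in unresolved(summary):
        lines.append(f"UNRESOLVED {obj}: {verdict}, action={action or 'none'}")
    return "\n".join(lines)


# Constructed excerpt in the format of the log posted later in the thread.
SAMPLE_LOG = r"""
2011/07/02 16:08:36.0828 3900 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 16:08:37.0484 3900 ================================================================================
2011/07/02 16:08:37.0484 3900
2011/07/02 16:08:48.0343 1436 95406821 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\95406821.sys
2011/07/02 16:08:53.0187 1436 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/07/02 16:08:55.0109 1436 nv (8d43a34dacd260bf70fcc95e45b69456) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/02 16:08:55.0343 1436 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 8d43a34dacd260bf70fcc95e45b69456, Fake md5: ed9816dbaf6689542ea7d022631906a1
2011/07/02 16:08:55.0359 1436 nv - detected ForgedFile.Multi.Generic (1)
2011/07/02 16:08:59.0046 1436 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/07/02 16:08:59.0046 1436 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/02 16:08:59.0125 1436 Boot (0x1200) (f9b01c7a8ab4ea12b3d711f302484501) \Device\Harddisk0\DR0\Partition0
2011/07/02 16:09:18.0234 3340 ForgedFile.Multi.Generic(nv) - User select action: Skip
2011/07/02 16:09:18.0281 3340 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/02 16:09:18.0281 3340 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run it as-is to see the triage of the constructed excerpt, or pass the contents of a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt` to `parse_tdsskiller_log`. The pattern order in the parser is deliberate: the driver-table pattern would also swallow the `MBR (...)` and `Boot (...)` lines, so the specific patterns are tried first. A "Real md5" that matches the driver table entry while the "Fake md5" differs, as in the excerpt, is exactly what the Forged verdict means: the hash the tool read directly disagrees with the one the running system presents, which is why a rootkit-aware scanner is needed to see it at all.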


#5 Sivvi
  • Topic Starter

  • Members
  • 9 posts

Posted 02 July 2011 - 06:31 PM

A few questions before I go on:

VirusTotal is not working, I'm getting an error page when I try to upload the files. Is it safe to put those files on a flash drive, move them to my laptop, and try to upload them from there? I do have an nVidia MSI graphics card, and those files appear to be associated with it.

Windows update is finally alive again, I haven't installed any of the updates, but should I? (Opera is also now asking to install updates)

I noticed the OTL fix deleted a legit program that I've had on all my computers for many years (Utopia Angel), that was just a false positive, right?

#6 Sivvi
  • Topic Starter

  • Members
  • 9 posts

Posted 02 July 2011 - 10:47 PM

Ok, I was able to submit the files.

The 3 Java updates were removed. There was no AVG on the list, but I did run the remover (it didn't produce any sort of output or log though).

Following are the requested reports:

2011/07/02 16:08:36.0828 3900 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 16:08:37.0484 3900 ================================================================================
2011/07/02 16:08:37.0484 3900 SystemInfo:
2011/07/02 16:08:37.0484 3900
2011/07/02 16:08:37.0484 3900 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/02 16:08:37.0484 3900 Product type: Workstation
2011/07/02 16:08:37.0484 3900 ComputerName: PRIME-C0912BDD6
2011/07/02 16:08:37.0484 3900 UserName: Travis
2011/07/02 16:08:37.0484 3900 Windows directory: C:\WINDOWS
2011/07/02 16:08:37.0484 3900 System windows directory: C:\WINDOWS
2011/07/02 16:08:37.0484 3900 Processor architecture: Intel x86
2011/07/02 16:08:37.0484 3900 Number of processors: 2
2011/07/02 16:08:37.0484 3900 Page size: 0x1000
2011/07/02 16:08:37.0484 3900 Boot type: Normal boot
2011/07/02 16:08:37.0484 3900 ================================================================================
2011/07/02 16:08:38.0843 3900 Initialize success
2011/07/02 16:08:47.0921 1436 ================================================================================
2011/07/02 16:08:47.0921 1436 Scan started
2011/07/02 16:08:47.0921 1436 Mode: Manual;
2011/07/02 16:08:47.0921 1436 ================================================================================
2011/07/02 16:08:48.0343 1436 95406821 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\95406821.sys
2011/07/02 16:08:48.0421 1436 95406822 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\95406822.sys
2011/07/02 16:08:48.0515 1436 A5AGU (7cd94733f81127159c974f6a963580f2) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
2011/07/02 16:08:48.0578 1436 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/02 16:08:48.0671 1436 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/02 16:08:48.0750 1436 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/02 16:08:48.0812 1436 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/02 16:08:48.0890 1436 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/07/02 16:08:49.0046 1436 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/02 16:08:49.0171 1436 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/02 16:08:49.0250 1436 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/02 16:08:49.0296 1436 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/02 16:08:49.0390 1436 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/02 16:08:49.0500 1436 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/02 16:08:49.0531 1436 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/02 16:08:49.0593 1436 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/02 16:08:49.0656 1436 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/02 16:08:49.0687 1436 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/02 16:08:49.0765 1436 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/02 16:08:49.0937 1436 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/07/02 16:08:50.0015 1436 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/07/02 16:08:50.0093 1436 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/02 16:08:50.0343 1436 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/02 16:08:50.0390 1436 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/02 16:08:50.0437 1436 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/02 16:08:50.0546 1436 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/02 16:08:50.0750 1436 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/02 16:08:50.0859 1436 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/02 16:08:50.0906 1436 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/02 16:08:50.0937 1436 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/02 16:08:50.0984 1436 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/02 16:08:51.0046 1436 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/02 16:08:51.0109 1436 e1express (c477f783ed345ec9d739d58eff63a224) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/07/02 16:08:51.0156 1436 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/02 16:08:51.0203 1436 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/02 16:08:51.0281 1436 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/02 16:08:51.0328 1436 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/02 16:08:51.0421 1436 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/02 16:08:51.0640 1436 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/02 16:08:51.0703 1436 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/02 16:08:51.0750 1436 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/02 16:08:51.0812 1436 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/02 16:08:51.0875 1436 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/02 16:08:51.0921 1436 HECI (9c1a84cb7d209cbecb1909de4875e9d6) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/07/02 16:08:51.0968 1436 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/02 16:08:52.0078 1436 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/02 16:08:52.0125 1436 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/02 16:08:52.0203 1436 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/02 16:08:52.0281 1436 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/02 16:08:52.0375 1436 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/02 16:08:52.0406 1436 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/02 16:08:52.0515 1436 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/02 16:08:52.0593 1436 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/02 16:08:52.0640 1436 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/02 16:08:52.0687 1436 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/02 16:08:52.0734 1436 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/02 16:08:52.0796 1436 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/02 16:08:52.0843 1436 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/02 16:08:52.0875 1436 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/02 16:08:52.0937 1436 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/02 16:08:52.0984 1436 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/02 16:08:53.0046 1436 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/02 16:08:53.0187 1436 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/07/02 16:08:53.0312 1436 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/07/02 16:08:53.0390 1436 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/02 16:08:53.0484 1436 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/02 16:08:53.0531 1436 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/02 16:08:53.0578 1436 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/02 16:08:53.0625 1436 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/02 16:08:53.0750 1436 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/07/02 16:08:53.0812 1436 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/07/02 16:08:53.0890 1436 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/02 16:08:54.0015 1436 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/02 16:08:54.0093 1436 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/02 16:08:54.0156 1436 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/02 16:08:54.0187 1436 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/02 16:08:54.0203 1436 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/02 16:08:54.0234 1436 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/02 16:08:54.0296 1436 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/02 16:08:54.0343 1436 NAL (16ea7d22102b952621ef4d4f87e3463b) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/07/02 16:08:54.0437 1436 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/02 16:08:54.0468 1436 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/02 16:08:54.0515 1436 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/02 16:08:54.0562 1436 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/02 16:08:54.0593 1436 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/02 16:08:54.0656 1436 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/02 16:08:54.0734 1436 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/02 16:08:54.0812 1436 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/02 16:08:54.0875 1436 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/02 16:08:54.0937 1436 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/02 16:08:55.0031 1436 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/02 16:08:55.0109 1436 nv (8d43a34dacd260bf70fcc95e45b69456) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/02 16:08:55.0343 1436 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 8d43a34dacd260bf70fcc95e45b69456, Fake md5: ed9816dbaf6689542ea7d022631906a1
2011/07/02 16:08:55.0359 1436 nv - detected ForgedFile.Multi.Generic (1)
2011/07/02 16:08:55.0406 1436 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/02 16:08:55.0468 1436 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/02 16:08:55.0546 1436 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/02 16:08:55.0609 1436 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/02 16:08:55.0671 1436 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/02 16:08:55.0687 1436 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/02 16:08:55.0765 1436 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/02 16:08:55.0812 1436 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/02 16:08:55.0875 1436 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/02 16:08:56.0093 1436 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/02 16:08:56.0156 1436 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/02 16:08:56.0218 1436 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/02 16:08:56.0265 1436 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/02 16:08:56.0359 1436 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/02 16:08:56.0406 1436 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/02 16:08:56.0421 1436 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/02 16:08:56.0468 1436 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/02 16:08:56.0531 1436 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/02 16:08:56.0578 1436 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/02 16:08:56.0609 1436 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/02 16:08:56.0656 1436 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/02 16:08:56.0765 1436 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/02 16:08:56.0828 1436 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/02 16:08:56.0890 1436 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/02 16:08:56.0984 1436 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/02 16:08:57.0031 1436 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
2011/07/02 16:08:57.0093 1436 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/02 16:08:57.0187 1436 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/02 16:08:57.0265 1436 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011/07/02 16:08:57.0312 1436 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/02 16:08:57.0375 1436 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/02 16:08:57.0484 1436 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/02 16:08:57.0578 1436 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/02 16:08:57.0609 1436 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/02 16:08:57.0718 1436 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/02 16:08:57.0796 1436 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/02 16:08:57.0828 1436 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/02 16:08:57.0859 1436 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/02 16:08:57.0921 1436 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/02 16:08:57.0984 1436 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/02 16:08:58.0109 1436 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/02 16:08:58.0171 1436 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/02 16:08:58.0218 1436 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/02 16:08:58.0250 1436 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/02 16:08:58.0296 1436 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/02 16:08:58.0359 1436 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/02 16:08:58.0375 1436 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/02 16:08:58.0390 1436 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/02 16:08:58.0437 1436 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/02 16:08:58.0546 1436 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/02 16:08:58.0625 1436 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/02 16:08:58.0687 1436 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/02 16:08:58.0750 1436 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/02 16:08:58.0875 1436 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/02 16:08:58.0937 1436 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/02 16:08:59.0000 1436 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/07/02 16:08:59.0046 1436 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/07/02 16:08:59.0046 1436 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/02 16:08:59.0046 1436 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR12
2011/07/02 16:08:59.0078 1436 MBR (0x1B8) (9bc89d5a111de3295637af167c2d3010) \Device\Harddisk2\DR4
2011/07/02 16:08:59.0125 1436 Boot (0x1200) (f9b01c7a8ab4ea12b3d711f302484501) \Device\Harddisk0\DR0\Partition0
2011/07/02 16:08:59.0125 1436 Boot (0x1200) (ec0333f6bcbe191e19d711b98a7fb402) \Device\Harddisk1\DR12\Partition0
2011/07/02 16:08:59.0125 1436 ================================================================================
2011/07/02 16:08:59.0125 1436 Scan finished
2011/07/02 16:08:59.0125 1436 ================================================================================
2011/07/02 16:08:59.0140 3340 Detected object count: 2
2011/07/02 16:08:59.0140 3340 Actual detected object count: 2
2011/07/02 16:09:18.0234 3340 ForgedFile.Multi.Generic(nv) - User select action: Skip
2011/07/02 16:09:18.0281 3340 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/02 16:09:18.0281 3340 \Device\Harddisk0\DR0 - ok
2011/07/02 16:09:18.0281 3340 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/02 16:10:39.0218 4020 Deinitialize success


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Error: No service named setup_9.0.0.722_28.06.2011_01-11drv was found to stop!
Service\Driver key setup_9.0.0.722_28.06.2011_01-11drv not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
Service Avgldx86 stopped successfully!
Service Avgldx86 deleted successfully!
C:\WINDOWS\system32\drivers\avgldx86.sys moved successfully.
Service Avgmfx86 stopped successfully!
Service Avgmfx86 deleted successfully!
C:\WINDOWS\system32\drivers\avgmfx86.sys moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3d.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dara.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dchs.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dcht.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dcsy.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3ddan.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3ddeu.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dell.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3deng.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3desm.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3desn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dfin.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dfra.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dheb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dhun.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dita.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3djpn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dkor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dnld.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dnor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dplk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dptb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dptg.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3drus.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dsky.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dslv.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dsve.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dtha.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nv3dtrk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpl.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplara.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplchs.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplcht.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplcsy.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpldan.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpldeu.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplell.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpleng.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplesm.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplesn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplfin.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplfra.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplheb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplhun.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplita.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpljpn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplkor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplnld.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplnor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplplk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplptb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplptg.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplrus.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplsky.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplslv.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcplsve.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpltha.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvcpltrk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdsp.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspara.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspchs.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspcht.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspcsy.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspdan.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspdeu.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspell.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspeng.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspesm.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspesn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspfin.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspfra.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspheb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdsphun.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspita.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspjpn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspkor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspnld.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspnor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspplk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspptb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspptg.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdsprus.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspsky.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspslv.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdspsve.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdsptha.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvdsptrk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmob.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobara.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobchs.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobcht.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobcsy.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobdan.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobdeu.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobell.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobeng.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobesm.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobesn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobfin.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobfra.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobheb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobhun.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobita.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobjpn.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobkor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobnld.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobnor.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobplk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobptb.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobptg.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobrus.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobsky.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobslv.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobsve.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobtha.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP\nvmobtrk.chm deleted successfully.
C:\WINDOWS\NV1152440.TMP folder deleted successfully.
C:\WINDOWS\NV2868700.TMP\default.tvp deleted successfully.
C:\WINDOWS\NV2868700.TMP\keystone.exe deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3d.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dara.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dchs.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dcht.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dcsy.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3ddan.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3ddeu.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dell.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3deng.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3desm.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3desn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dfin.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dfra.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dheb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dhun.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dita.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3djpn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dkor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dnld.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dnor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dplk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dptb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dptg.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3drus.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dsky.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dslv.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dsve.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dtha.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nv3dtrk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvappbar.exe deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvapps.nvb deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcolor.exe deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpar.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpcs.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpda.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpde.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpel.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpeng.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpes.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpesm.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpfi.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpfr.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcphe.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcphu.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpit.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpja.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpko.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpl.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpl.cpl deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplara.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplchs.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplcht.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplcsy.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpldan.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpldeu.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplell.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpleng.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplesm.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplesn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplfin.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplfra.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplheb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplhun.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplita.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpljpn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplkor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplnld.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplnor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplplk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplptb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplptg.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplrus.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplsky.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplslv.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplsve.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpltha.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpltrk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcplui.exe deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpluir.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpnl.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpno.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcppl.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcppt.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpptb.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpru.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpsk.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpsl.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpsv.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpth.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcptr.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpzhc.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvcpzht.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdsp.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspara.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspchs.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspcht.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspcsy.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspdan.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspdeu.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspell.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspeng.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspesm.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspesn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspfin.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspfra.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspheb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdsphun.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspita.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspjpn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspkor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspnld.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspnor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspplk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspptb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspptg.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdsprus.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspsch.exe deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspsky.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspslv.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdspsve.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdsptha.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvdsptrk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nview.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmccsrs.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmob.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobara.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobchs.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobcht.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobcsy.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobdan.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobdeu.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobell.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobeng.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobesm.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobesn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobfin.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobfra.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobheb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobhun.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobita.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobjpn.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobkor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobnld.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobnor.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobplk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobptb.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobptg.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobrus.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobsky.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobslv.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobsve.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobtha.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvmobtrk.chm deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsar.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrscs.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsda.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsde.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsel.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrseng.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrses.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsesm.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsfi.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsfr.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrshe.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrshu.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsit.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsja.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsko.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsnl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsno.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrspl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrspt.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsptb.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrsru.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrssk.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrssl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrssv.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrstr.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrszhc.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvrszht.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvshell.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvtuicpl.cpl deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpar.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpcs.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpda.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpde.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpel.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpeng.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpes.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpesm.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpfi.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpfr.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcphe.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcphu.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpit.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpja.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpko.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpnl.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpno.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcppl.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcppt.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpptb.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpru.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpsk.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpsl.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpsv.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpth.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcptr.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpzhc.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwcpzht.hlp deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwdmcpl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwimg.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsar.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrscs.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsda.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsde.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsel.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrseng.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrses.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsesm.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsfi.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsfr.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrshe.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrshu.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsit.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsja.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsko.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsnl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsno.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrspl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrspt.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsptb.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrsru.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrssk.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrssl.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrssv.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrstr.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrszhc.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nvwrszht.dll deleted successfully.
C:\WINDOWS\NV2868700.TMP\nwiz.exe deleted successfully.
C:\WINDOWS\NV2868700.TMP folder deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3d.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dara.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dchs.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dcht.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dcsy.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3ddan.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3ddeu.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dell.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3deng.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3desm.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3desn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dfin.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dfra.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dheb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dhun.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dita.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3djpn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dkor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dnld.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dnor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dplk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dptb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dptg.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3drus.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dsky.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dslv.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dsve.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dtha.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nv3dtrk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpl.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplara.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplchs.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplcht.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplcsy.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpldan.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpldeu.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplell.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpleng.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplesm.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplesn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplfin.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplfra.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplheb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplhun.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplita.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpljpn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplkor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplnld.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplnor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplplk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplptb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplptg.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplrus.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplsky.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplslv.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcplsve.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpltha.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvcpltrk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdsp.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspara.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspchs.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspcht.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspcsy.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspdan.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspdeu.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspell.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspeng.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspesm.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspesn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspfin.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspfra.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspheb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdsphun.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspita.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspjpn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspkor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspnld.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspnor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspplk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspptb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspptg.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdsprus.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspsky.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspslv.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdspsve.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdsptha.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvdsptrk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmob.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobara.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobchs.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobcht.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobcsy.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobdan.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobdeu.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobell.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobeng.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobesm.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobesn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobfin.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobfra.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobheb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobhun.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobita.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobjpn.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobkor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobnld.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobnor.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobplk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobptb.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobptg.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobrus.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobsky.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobslv.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobsve.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobtha.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP\nvmobtrk.chm deleted successfully.
C:\WINDOWS\NV38003212.TMP folder deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET106.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET10A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET10E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET117.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET118.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET11B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETFD.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET13F.tmp deleted successfully.
C:\WINDOWS\System32\SET140.tmp deleted successfully.
C:\WINDOWS\System32\SET142.tmp deleted successfully.
C:\WINDOWS\System32\SET143.tmp deleted successfully.
C:\WINDOWS\System32\SET144.tmp deleted successfully.
C:\WINDOWS\System32\SET145.tmp deleted successfully.
C:\WINDOWS\System32\SET147.tmp deleted successfully.
C:\WINDOWS\System32\SET14A.tmp deleted successfully.
C:\WINDOWS\System32\SET14B.tmp deleted successfully.
C:\WINDOWS\System32\SET14C.tmp deleted successfully.
C:\WINDOWS\System32\SET14F.tmp deleted successfully.
C:\WINDOWS\System32\SET153.tmp deleted successfully.
C:\WINDOWS\System32\SET154.tmp deleted successfully.
C:\WINDOWS\System32\SET156.tmp deleted successfully.
C:\WINDOWS\System32\SET158.tmp deleted successfully.
C:\WINDOWS\System32\SET159.tmp deleted successfully.
C:\WINDOWS\System32\SET15A.tmp deleted successfully.
C:\WINDOWS\System32\SET15B.tmp deleted successfully.
C:\WINDOWS\System32\SET15C.tmp deleted successfully.
C:\WINDOWS\System32\SET15D.tmp deleted successfully.
C:\WINDOWS\System32\SET15E.tmp deleted successfully.
C:\WINDOWS\System32\SET162.tmp deleted successfully.
C:\WINDOWS\System32\SET164.tmp deleted successfully.
C:\WINDOWS\System32\SET165.tmp deleted successfully.
C:\WINDOWS\System32\SET166.tmp deleted successfully.
C:\WINDOWS\System32\SET167.tmp deleted successfully.
C:\WINDOWS\System32\SET168.tmp deleted successfully.
C:\WINDOWS\System32\SET169.tmp deleted successfully.
C:\WINDOWS\System32\SET16B.tmp deleted successfully.
C:\WINDOWS\System32\SET16C.tmp deleted successfully.
C:\WINDOWS\System32\SET16D.tmp deleted successfully.
C:\WINDOWS\System32\SET16E.tmp deleted successfully.
C:\WINDOWS\System32\SET170.tmp deleted successfully.
C:\WINDOWS\System32\SET171.tmp deleted successfully.
C:\WINDOWS\System32\SET172.tmp deleted successfully.
C:\WINDOWS\System32\SET173.tmp deleted successfully.
C:\WINDOWS\System32\SET175.tmp deleted successfully.
C:\WINDOWS\System32\SET33.tmp deleted successfully.
C:\WINDOWS\System32\SET39.tmp deleted successfully.
C:\WINDOWS\System32\SET68.tmp deleted successfully.
C:\WINDOWS\System32\SET7F.tmp deleted successfully.
C:\WINDOWS\System32\SET91.tmp deleted successfully.
C:\WINDOWS\System32\SET9D.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\SETC5.tmp deleted successfully.
C:\WINDOWS\System32\SETD7.tmp deleted successfully.
C:\WINDOWS\System32\SETDC.tmp deleted successfully.
C:\WINDOWS\System32\SETE2.tmp deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:\ComboFix.txt" /c >
ComboFix 11-06-27.03 - Travis 28/06/2011 2:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.3062.2519 [GMT -6:00]
Running from: F:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Travis.PRIME-C0912BDD6\WINDOWS
c:\program files\outlook
c:\utopia\Angel\Angel.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\unin0411.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-27 21:42 . 2009-10-22 19:54 37392 ----a-w- c:\windows\system32\drivers\95406822.sys
2011-06-27 21:42 . 2009-10-10 05:31 315408 ----a-w- c:\windows\system32\drivers\9540682.sys
2011-06-27 21:42 . 2009-09-25 23:59 128016 ----a-w- c:\windows\system32\drivers\95406821.sys
2011-06-27 21:26 . 2011-06-27 21:27 -------- d-----w- c:\documents and settings\Administrator
2011-06-27 19:55 . 2011-06-27 19:55 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-27 19:10 . 2011-06-27 19:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2011-06-27 08:07 . 2011-06-27 08:40 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\DoctorWeb
2011-06-27 06:56 . 2011-06-27 06:56 388096 ----a-r- c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-27 06:56 . 2011-06-27 06:56 -------- d-----w- c:\program files\Trend Micro
2011-06-24 09:54 . 2011-06-24 09:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-06-23 20:03 . 2011-06-17 18:24 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-23 16:24 . 2011-06-23 16:24 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\Sunbelt Software
2011-06-20 20:51 . 2011-06-27 19:08 -------- d-----w- c:\program files\WinClamAVShield
2011-06-20 20:48 . 2011-06-23 04:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-06-20 20:48 . 2011-06-20 20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-20 20:45 . 2011-06-23 08:22 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Spyware Terminator
2011-06-20 20:45 . 2011-06-20 20:45 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-06-20 20:45 . 2011-06-27 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spyware Terminator
2011-06-20 20:45 . 2011-06-23 16:23 -------- d-----w- c:\program files\Spyware Terminator
2011-06-17 18:24 . 2011-06-17 18:24 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-17 18:21 . 2011-06-17 08:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-13 08:51 . 2011-06-13 08:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-06-11 20:03 . 2011-06-11 20:03 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Malwarebytes
2011-06-11 20:02 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 20:02 . 2011-06-11 20:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-06-11 20:02 . 2011-06-11 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 20:02 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 00:12 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-09 00:12 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-09 00:12 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-09 00:12 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-09 00:12 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-09 00:12 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-09 00:12 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-09 00:12 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-09 00:12 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-09 00:12 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-09 00:12 . 2011-06-09 00:12 -------- d-----w- c:\program files\AVAST Software
2011-06-09 00:12 . 2011-06-09 00:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-06-04 06:54 . 2011-06-04 06:54 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Adobe
2011-06-03 13:14 . 2011-06-03 13:14 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000\PrivacIE
2011-06-03 13:14 . 2011-06-03 13:14 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Tracing
2011-05-30 11:14 . 2011-05-30 11:21 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Stardock
2011-05-30 09:26 . 2011-05-30 09:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Gibraltar
2011-05-30 05:58 . 2011-05-30 05:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-05-30 05:49 . 2011-05-30 05:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2011-05-30 05:49 . 2011-05-30 05:49 -------- d-----w- c:\documents and settings\Baeb\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 18:23 . 2008-09-03 23:29 26112 ----a-w- c:\windows\system32\userinit.exe
2011-05-04 10:52 . 2010-07-13 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 08:25 . 2008-01-24 09:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-08 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-08 69632]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-28 235168]
.
c:\documents and settings\Baeb\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-10-13 476448]
.
c:\documents and settings\NetworkService.NT AUTHORITY.000\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk.disabled [2011-6-3 1630]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExSearchOptions"= 170970 (0x29bda)
"SpecifyDefaultButtons"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-06-17 08:00 1191216 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-04 02:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 02:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 00:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Paradox Interactive\\Elven Legacy\\ElvenLegacy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Baeb\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Opera 9\\opera.exe"=
"c:\\Documents and Settings\\Travis.PRIME-C0912BDD6\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2011 11.0.1.400\\english\\setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 95406822;95406822 Boot Guard Driver;c:\windows\system32\drivers\95406822.sys [27/06/2011 3:42 PM 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/06/2011 12:21 PM 64512]
R1 95406821;95406821;c:\windows\system32\drivers\95406821.sys [27/06/2011 3:42 PM 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [08/06/2011 6:12 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/06/2011 6:12 PM 307928]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 5:12 AM 251728]
R1 setup_9.0.0.722_28.06.2011_01-11drv;setup_9.0.0.722_28.06.2011_01-11drv;c:\windows\system32\drivers\9540682.sys [27/06/2011 3:42 PM 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20/06/2011 2:45 PM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/06/2011 6:12 PM 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [08/07/2008 5:37 PM 347648]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [17/06/2011 2:00 AM 2151128]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [17/06/2011 2:00 AM 15232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 AVGIDSDriver;AVGIDSDriver; [x]
S4 AVGIDSEH;AVGIDSEH; [x]
S4 AVGIDSFilter;AVGIDSFilter; [x]
S4 AVGIDSShim;AVGIDSShim; [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver; [x]
S4 Avgtdix;AVG TDI Driver; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/03/2008 8:22 AM 717296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-17 08:00]
.
2011-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
.
2011-03-06 c:\windows\Tasks\jucheck.job
- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-09-04 10:27]
.
2011-06-24 c:\windows\Tasks\WebReg HP Deskjet F4400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-17 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = www.google.ca
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: bmtorrents.net
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Utopia Angel - c:\utopia\Angel\Angel.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
AddRemove-True Internet Color - c:\program files\E-Color\E-Color Indicator\Uninst.isu
AddRemove-Stainless Steel 5.0 - c:\program files\SEGA\Medieval II Total War\Uninstal.exe
AddRemove-Stainless Steel 5.1 Patch - c:\program files\SEGA\Medieval II Total War\Uninstal.exe
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\documents and settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\{861CC130-D2E3-49B2-91FB-3237C7FA9DCE}\setup_blazemp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 02:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA0957B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1076)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-28 03:00:26
ComboFix-quarantined-files.txt 2011-06-28 09:00
.
Pre-Run: 180,315,406,336 bytes free
Post-Run: 186,485,682,176 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /NOEXECUTE=OPTIN /FASTDETECT
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - D43A6162A76DA99FF2EC2141D28B9423
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Baeb
->Flash cache emptied: 55660 bytes

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 456 bytes

User: Guest
->Flash cache emptied: 1533 bytes

User: K-Diggity
->Flash cache emptied: 3716 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000
->Flash cache emptied: 48119 bytes

User: moms
->Flash cache emptied: 11493 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000
->Flash cache emptied: 19432 bytes

User: TmpUser

User: Travis
->Flash cache emptied: 29130 bytes

User: Travis.PRIME-C0912BDD6
->Flash cache emptied: 796 bytes

User: TRAVIS~1~PRI

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07022011_164211

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Antivirus results

AhnLab-V3 - 2011.07.03.00 - 2011.07.02 - -
AntiVir - 7.11.10.199 - 2011.07.02 - -
Antiy-AVL - 2.0.3.7 - 2011.07.02 - -
Avast - 4.8.1351.0 - 2011.07.02 - -
Avast5 - 5.0.677.0 - 2011.07.03 - -
AVG - 10.0.0.1190 - 2011.07.02 - -
BitDefender - 7.2 - 2011.07.03 - -
CAT-QuickHeal - 11.00 - 2011.07.02 - -
ClamAV - 0.97.0.0 - 2011.07.03 - -
Commtouch - 5.3.2.6 - 2011.07.02 - -
Comodo - 9257 - 2011.07.03 - -
DrWeb - 5.0.2.03300 - 2011.07.03 - -
eSafe - 7.0.17.0 - 2011.06.29 - -
eTrust-Vet - 36.1.8421 - 2011.07.01 - -
F-Prot - 4.6.2.117 - 2011.07.02 - -
F-Secure - 9.0.16440.0 - 2011.07.03 - -
Fortinet - 4.2.257.0 - 2011.07.02 - -
GData - 22 - 2011.07.03 - -
Ikarus - T3.1.1.104.0 - 2011.07.02 - -
Jiangmin - 13.0.900 - 2011.07.02 - -
K7AntiVirus - 9.107.4863 - 2011.07.01 - -
Kaspersky - 9.0.0.837 - 2011.07.03 - -
McAfee - 5.400.0.1158 - 2011.07.03 - -
McAfee-GW-Edition - 2010.1D - 2011.07.03 - -
Microsoft - 1.7000 - 2011.07.02 - -
NOD32 - 6260 - 2011.07.03 - -
Norman - 6.07.10 - 2011.07.02 - -
nProtect - 2011-07-02.01 - 2011.07.02 - -
Panda - 10.0.3.5 - 2011.07.02 - -
PCTools - 8.0.0.5 - 2011.07.01 - -
Prevx - 3.0 - 2011.07.03 - -
Rising - 23.64.04.03 - 2011.07.01 - -
Sophos - 4.67.0 - 2011.07.03 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.07.03 - -
TheHacker - 6.7.0.1.247 - 2011.07.03 - -
TrendMicro - 9.200.0.1012 - 2011.07.02 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.03 - -
VBA32 - 3.12.16.4 - 2011.07.01 - -
VIPRE - 9755 - 2011.07.03 - -
ViRobot - 2011.7.2.4546 - 2011.07.02 - -
VirusBuster - 14.0.106.1 - 2011.07.02 - -

File info:
MD5: 0a1df392a051340048daadc928856b0a
SHA1: 14608284be67fd62b99b724709126ad9570e7afc
SHA256: f2108433f05b5c18877507ec3f86845b7cc0b22b600a9aea1e5769dc36852e9a
File size: 208896 bytes
Scan date: 2011-07-03 03:23:20 (UTC)



Antivirus results

AhnLab-V3 - 2011.07.03.00 - 2011.07.02 - -
AntiVir - 7.11.10.199 - 2011.07.02 - -
Antiy-AVL - 2.0.3.7 - 2011.07.02 - -
Avast - 4.8.1351.0 - 2011.07.02 - -
Avast5 - 5.0.677.0 - 2011.07.03 - -
AVG - 10.0.0.1190 - 2011.07.02 - -
BitDefender - 7.2 - 2011.07.03 - -
CAT-QuickHeal - 11.00 - 2011.07.02 - -
ClamAV - 0.97.0.0 - 2011.07.03 - -
Comodo - 9257 - 2011.07.03 - -
DrWeb - 5.0.2.03300 - 2011.07.03 - -
eSafe - 7.0.17.0 - 2011.06.29 - -
eTrust-Vet - 36.1.8421 - 2011.07.01 - -
F-Prot - 4.6.2.117 - 2011.07.02 - -
F-Secure - 9.0.16440.0 - 2011.07.03 - -
Fortinet - 4.2.257.0 - 2011.07.02 - -
GData - 22 - 2011.07.03 - -
Ikarus - T3.1.1.104.0 - 2011.07.02 - -
Jiangmin - 13.0.900 - 2011.07.02 - -
K7AntiVirus - 9.107.4863 - 2011.07.01 - -
Kaspersky - 9.0.0.837 - 2011.07.03 - -
McAfee - 5.400.0.1158 - 2011.07.03 - -
McAfee-GW-Edition - 2010.1D - 2011.07.03 - -
Microsoft - 1.7000 - 2011.07.02 - -
NOD32 - 6260 - 2011.07.03 - -
Norman - 6.07.10 - 2011.07.02 - -
nProtect - 2011-07-02.01 - 2011.07.02 - -
Panda - 10.0.3.5 - 2011.07.02 - -
PCTools - 8.0.0.5 - 2011.07.01 - -
Prevx - 3.0 - 2011.07.03 - -
Rising - 23.64.04.03 - 2011.07.01 - -
Sophos - 4.67.0 - 2011.07.03 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.07.03 - -
Symantec - 20111.1.0.186 - 2011.07.03 - -
TheHacker - 6.7.0.1.247 - 2011.07.03 - -
TrendMicro - 9.200.0.1012 - 2011.07.02 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.03 - -
VBA32 - 3.12.16.4 - 2011.07.01 - -
VIPRE - 9755 - 2011.07.03 - -
ViRobot - 2011.7.2.4546 - 2011.07.02 - -
VirusBuster - 14.0.106.1 - 2011.07.02 - -

File info:
MD5: a6309d3ff5c253738b14e4abf0930ec4
SHA1: 06f29b3e8cc4375c097ce76be09a07dad4625f2b
SHA256: 54347459ee59e9e415f66c30426440592e869feb3a86c131597e08ba8efa52f6
File size: 69632 bytes
Scan date: 2011-07-03 03:25:55 (UTC)

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 03 July 2011 - 10:28 AM

Hi!

Looks like TDSSKiller found the main culprit!

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/07/02 16:08:59.0140 3340 Detected object count: 2
2011/07/02 16:08:59.0140 3340 Actual detected object count: 2
2011/07/02 16:09:18.0234 3340 ForgedFile.Multi.Generic(nv) - User select action: Skip
2011/07/02 16:09:18.0281 3340 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/02 16:09:18.0281 3340 \Device\Harddisk0\DR0 - ok
2011/07/02 16:09:18.0281 3340 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/02 16:10:39.0218 4020 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Windows update is finally alive again, I haven't installed any of the updates, but should I? (Opera is also now asking to install updates)

Hold up on doing those now.

I noticed the OTL fix deleted a legit program that I've had on all my computers for many years (Utopia Angel), that was just a false positive, right?

Utopia Angel? I didn't see anything in my OTL fix that should have touched that program.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
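The Gmer MBR check in the ComboFix log above (user-mode and kernel-mode reads of the MBR compared, plus the hook on \Driver\atapi DriverStartIo) and the TDSSKiller result quoted in this post both come down to the same question: does the first sector of Harddisk0 still contain the loader and partition table it should? The script below is an added example of that check written from scratch; it is not part of the thread and not code from Gmer, Kaspersky or ComboFix. It parses a raw 512-byte MBR, hashes the boot-code region, validates the partition table and compares the code hash against a baseline taken from a known-good read. The sample sectors, the disk size of 625142448 sectors and the 8 MiB unpartitioned-tail threshold are constructed assumptions, as are all the function names.

```python
"""Parse and sanity-check a raw MBR sector; added example, not from the original thread."""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_END = 440           # bytes 0..439 hold the boot loader code
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS first, type, CHS last, LBA start, sector count
TAIL_WARN_SECTORS = 16384     # assumed threshold (8 MiB): a larger unpartitioned tail deserves a look


def parse_partition_entry(entry):
    """Decode one 16-byte partition-table entry."""
    status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack(PART_ENTRY_FMT, entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sector_count": count,
        "empty": ptype == 0 and count == 0,
    }


def parse_mbr(mbr):
    """Validate the boot signature and split the sector into boot code, disk signature and partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    if mbr[MBR_SIZE - 2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entries.append(parse_partition_entry(mbr[off:off + PART_ENTRY_SIZE]))
    return {
        "code_sha256": hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0],
        "partitions": entries,
    }


def audit_mbr(mbr, baseline_code_sha256=None, disk_sectors=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if baseline_code_sha256 and info["code_sha256"] != baseline_code_sha256:
        findings.append("boot code differs from baseline hash (loader rewritten?)")
    used = [p for p in info["partitions"] if not p["empty"]]
    if sum(1 for p in used if p["bootable"]) != 1:
        findings.append("expected exactly one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sector_count"]) for p in used)
    for (_s1, e1), (s2, _e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partition entries overlap at LBA %d" % s2)
    if disk_sectors is not None and spans:
        last_end = max(e for _s, e in spans)
        if last_end > disk_sectors:
            findings.append("partition extends past the end of the disk")
        elif disk_sectors - last_end > TAIL_WARN_SECTORS:
            findings.append("%d unpartitioned sectors after the last partition; dump and inspect them"
                            % (disk_sectors - last_end))
    return findings


def build_mbr(boot_code, partitions, disk_signature=0x12345678):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, count) tuples (test data)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         0x80 if bootable else 0x00, b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                         lba_start, count)
    sector[MBR_SIZE - 2:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: one NTFS partition on a disk assumed to have 625142448 sectors.
DISK_SECTORS = 625142448
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # placeholder bytes, not a real loader
CLEAN_MBR = build_mbr(CLEAN_CODE, [(True, 0x07, 63, 625137282)])
BASELINE = parse_mbr(CLEAN_MBR)["code_sha256"]
# Same partition table, different loader bytes: what a rewritten MBR looks like to this check.
REWRITTEN_MBR = build_mbr(b"\xeb\x58\x90" + b"\x00" * 37, [(True, 0x07, 63, 625137282)])


def read_mbr(device):
    """Read the first sector of a raw device; needs administrator/root rights."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    device = sys.argv[1] if len(sys.argv) > 1 else r"\\.\PhysicalDrive0"
    live = parse_mbr(read_mbr(device))
    print("boot code sha256:", live["code_sha256"])
    print("disk signature:  0x%08x" % live["disk_signature"])
    for p in live["partitions"]:
        if not p["empty"]:
            print("partition type 0x%02x start %d sectors %d%s" % (
                p["type"], p["lba_start"], p["sector_count"], " (active)" if p["bootable"] else ""))
```

Run it as administrator against `\\.\PhysicalDrive0` (or `/dev/sda` from a Linux rescue disk) and keep the printed hash as the baseline for later comparison. The caveat that matters here: a rootkit that hooks the disk driver stack, as the `\Driver\atapi DriverStartIo` hook in the log shows, can hand a clean copy of the MBR back to user-mode reads while the real sector is infected. That is why Gmer's tool reads through both the user-mode and the kernel path and reports whether they agree, and why the reading you can trust is the one taken after booting from clean media.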


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 July 2011 - 09:47 PM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.



#9 Sivvi

Sivvi
  • Topic Starter

  • Members
  • 9 posts

Posted 07 July 2011 - 11:26 PM

Sorry, I've been working 12 hour days this week. I'll be completing your instructions presently :)

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 July 2011 - 11:13 PM

Okay. :thumbsup:



#11 Sivvi

Sivvi
  • Topic Starter

  • Members
  • 9 posts

Posted 11 July 2011 - 02:23 AM

Sorry for the delay, I've only been knocking down one scan per day. I've got a couple days off and the time to finish seeing this through now. Thanks so much for all your time and patience :)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7045

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/07/2011 10:44:55 PM
mbam-log-2011-07-07 (22-44-55).txt

Scan type: Quick scan
Objects scanned: 338030
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESET:

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\419AZXAL\forum[1].htm JS/Kryptik.AX trojan
C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\21\115bbe55-45531b2b Java/Agent.U trojan
C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\46\23109c6e-495dc078 multiple threats
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\PS\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG\f4123501.zip probably a variant of Win32/Agent.HGSAQMS trojan


Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
AVG 2011
ESET Online Scanner v3
King's Bounty: Armored Princess
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spyware Terminator
Spybot - Search & Destroy
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbam.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 July 2011 - 11:46 AM

Hi!

No worries.

These threat(s) below will be removed very shortly:

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\419AZXAL\forum[1].htm JS/Kryptik.AX trojan
C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\21\115bbe55-45531b2b Java/Agent.U trojan
C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\46\23109c6e-495dc078 multiple threats
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\PS\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG\f4123501.zip probably a variant of Win32/Agent.HGSAQMS trojan


____________________________________________________

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
Folder::
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
Registry::
Driver::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\419AZXAL\forum[1].htm
    C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\21\115bbe55-45531b2b
    C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\46\23109c6e-495dc078
    C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\PS\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
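
When the OTL report comes back it is a long listing in the formats shown in the logs in this thread: the SafeList sections (PRC, MOD, SRV, DRV) print the file's company name in parentheses before the path, the numbered "O" sections and Drivers32 print it after the path, and an empty "()" means the file has no company-name resource at all. The script below is an added example, written for this page and not OTL's own code nor SweetTech's, of how a helper's first read of such a report can be automated: it parses those line formats and buckets the entries with no company name in boot/logon locations, the remaining no-company entries, and service entries whose image file OTL reported as "File not found". The bucket names and the PERSISTENCE_TAGS set are this example's own choices; the sample input is a handful of lines excerpted from the OTL report posted in this thread.

```python
"""Triage helper for OTL (OldTimer's scanner) reports.

Added example for this thread; it is not OTL's own code and not the helper's.
OTL prints one finding per line.  The SafeList sections (PRC, MOD, SRV, DRV)
put the file's company-name resource in parentheses *before* the path; the
numbered "O" sections and the Drivers32 listing put it *after* the path.  An
empty "()" means the file carries no company name at all, which is the first
thing a helper looks at when deciding which entries to ask the poster about.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sections that load code at boot or logon.  This set and the bucket names
# below are this example's own, not OTL terminology.
PERSISTENCE_TAGS = {"SRV", "DRV", "O4", "O20", "O34"}


@dataclass(frozen=True)
class OtlEntry:
    tag: str            # section tag: PRC, MOD, SRV, DRV, O2, O4, ..., Drivers32
    path: str           # file path OTL reported, "" for "File not found"
    company: str        # company-name resource, "" when OTL printed "()"
    missing: bool       # True when OTL reported "File not found"
    name: str = ""      # service/driver name for missing entries


# "SRV - [date | size | attrs | M] (Company) [flags] -- path -- (service name)"
# The trailing ".*" absorbs stray text OTL sometimes appends after the name.
_SAFELIST = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\).*)?$"
)
# "O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)" and Drivers32 lines
_OSECTION = re.compile(
    r"^(?P<tag>O\d+|Drivers32)\b.*?(?P<path>[A-Za-z]:\\.*?) \((?P<company>[^)]*)\)$"
)
# "SRV - File not found [...] -- -- (AppMgmt)" and "NetSvcs: 6to4 - File not found"
_MISSING = re.compile(r"^(?P<tag>PRC|MOD|SRV|DRV|NetSvcs)\b.*File not found")


def _missing_name(line: str) -> str:
    """Pull the service name out of a 'File not found' line."""
    m = re.search(r"\(([^)]*)\)\s*$", line)      # "... -- (AppMgmt)"
    if m:
        return m.group(1)
    m = re.match(r"NetSvcs: (\S+)", line)         # "NetSvcs: 6to4 - ..."
    return m.group(1) if m else ""


def parse_otl(report: str) -> list[OtlEntry]:
    """Parse the lines of an OTL report; lines in neither format are skipped."""
    entries: list[OtlEntry] = []
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith("="):      # blank or "===== section =====" header
            continue
        m = _MISSING.match(line)
        if m:
            entries.append(OtlEntry(m["tag"], "", "", True, _missing_name(line)))
            continue
        m = _SAFELIST.match(line) or _OSECTION.match(line)
        if m:
            entries.append(OtlEntry(m["tag"], m["path"], m["company"].strip(), False))
    return entries


def triage(entries: list[OtlEntry]) -> dict[str, list[OtlEntry]]:
    """Bucket entries the way a helper reads them: no company name in a
    boot/logon location first, other no-company entries next, then service
    entries whose image file is gone."""
    no_company = [e for e in entries if not e.missing and e.company == ""]
    return {
        "persistence_no_company": [e for e in no_company if e.tag in PERSISTENCE_TAGS],
        "other_no_company": [e for e in no_company if e.tag not in PERSISTENCE_TAGS],
        "missing_image": [e for e in entries if e.missing],
    }


# Sample input: lines excerpted from the OTL report posted in this thread.
SAMPLE = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 05:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - [2011/06/20 14:45:31 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2007/07/09 10:40:20 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
NetSvcs: 6to4 - File not found
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_otl(SAMPLE)).items():
        print(f"[{bucket}]")
        for e in items:
            print(f"  {e.tag:<9} {e.name or e.path}")
```

An empty company name is a prompt to look closer, not a verdict: sw20.exe and lsdelete.exe in the bucket above belong to a sound-card utility and to Ad-Aware respectively, which is exactly why the helper asks about such entries rather than deleting them on sight. Likewise, "File not found" under NetSvcs is the normal state of several optional services on XP; the check exists because a service entry pointing at a file that is present but unknown is the pattern worth questioning.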


#13 Sivvi

Sivvi
  • Topic Starter

  • Members
  • 9 posts

Posted 11 July 2011 - 11:43 PM

I had quite a few issues this time around. On the plus side, the computer is much faster, I haven't been redirected to anything in quite a while, and no svchost is going rampant on me :)

First off, I followed the ComboFix instructions. ComboFix first said it had an error locating a certain file; I had it typed in to post here, but ComboFix reset the computer and I lost it.

It also said AVG was still running... that thing is worse than a virus....

Then I had the ComboFix log pasted in here to post it, and of course OTL reboots the comp without giving me a chance to save anything. Is that ComboFix log saved somewhere, or what action should I take?

The OTL logs follow:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\419AZXAL\forum[1].htm not found.
C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\21\115bbe55-45531b2b moved successfully.
C:\Documents and Settings\moms\Application Data\Sun\Java\Deployment\cache\6.0\46\23109c6e-495dc078 moved successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\PS\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Baeb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1171496 bytes
->Flash cache emptied: 0 bytes

User: K-Diggity
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9404483 bytes
->Java cache emptied: 10290 bytes
->Flash cache emptied: 0 bytes

User: moms
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 1061 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9257027 bytes
->Flash cache emptied: 0 bytes

User: TmpUser
->Temp folder emptied: 10232420 bytes
->Temporary Internet Files folder emptied: 5652152 bytes

User: Travis
->Temp folder emptied: 121965773 bytes
->Temporary Internet Files folder emptied: 900009 bytes
->Java cache emptied: 78901 bytes
->Flash cache emptied: 0 bytes

User: Travis.PRIME-C0912BDD6
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 180291 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TRAVIS~1~PRI

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1081182 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Baeb
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: K-Diggity
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000
->Flash cache emptied: 0 bytes

User: moms
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000
->Flash cache emptied: 0 bytes

User: TmpUser

User: Travis
->Flash cache emptied: 0 bytes

User: Travis.PRIME-C0912BDD6
->Flash cache emptied: 0 bytes

User: TRAVIS~1~PRI

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07112011_222405

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x64.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_MDX1_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DirectX.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DSETUP.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dsetup32.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxdllreg_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxnt.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DXSETUP.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxupdate.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{D34842A2-FB2B-442B-845B-13A9C0E26B9B}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{D34842A2-FB2B-442B-845B-13A9C0E26B9B}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x64.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_MDX1_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DirectX.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DSETUP.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dsetup32.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxdllreg_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxnt.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DXSETUP.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxupdate.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\default.pal scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\isrt.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\_IsRes.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\corecomp.ini scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{92E2A19A-8FE9-41CA-B0B6-5D27CBCC4593}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{92E2A19A-8FE9-41CA-B0B6-5D27CBCC4593}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8AD930B0-05F7-4F27-9453-621D67EFF16C}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8AD930B0-05F7-4F27-9453-621D67EFF16C}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8356FFA0-5318-421A-B563-E4273E490299}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8356FFA0-5318-421A-B563-E4273E490299}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{59CA1D7B-2678-4882-8584-5755DBE663DB}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{59CA1D7B-2678-4882-8584-5755DBE663DB}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{4FAE41F5-0074-4817-9C18-F224F3584EF3}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{4FAE41F5-0074-4817-9C18-F224F3584EF3}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2DE10478-5C5F-4CAE-9927-F287B8FE3BD6}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2DE10478-5C5F-4CAE-9927-F287B8FE3BD6}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2CB0D3FE-5B39-4001-9990-CD8E3C4CFFB8}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2CB0D3FE-5B39-4001-9990-CD8E3C4CFFB8}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\IEC50.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\IEC51.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\IECE.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\nerodeltmp.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set1.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set13.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set17.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\Set3.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set4.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set7F.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set9A.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\setA0.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\SetC.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is120.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20C.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20D.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20E.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20F.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is210.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is211.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is29.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is3A.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is3B.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is43.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_isB1.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL logfile created on: 11/07/2011 10:33:21 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 80.01% Memory free
7.32 Gb Paging File | 6.97 Gb Available in Paging File | 95.30% Paging File free
Paging file location(s): C:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 173.10 Gb Free Space | 58.07% Space Free | Partition Type: NTFS
Drive H: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 17.59 Mb Total Space | 17.32 Mb Free Space | 98.44% Space Free | Partition Type: FAT

Computer Name: PRIME-C0912BDD6 | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 05:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 05:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/02 12:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\OTL.exe
PRC - [2011/06/28 05:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/24 03:23:35 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera 9\opera.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 05:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/07/02 12:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 05:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/28 05:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/20 14:45:31 | 000,496,128 | ---- | M] (Crawler.com) [On_Demand | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 05:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 05:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 05:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 05:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 05:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 05:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 05:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/20 14:45:31 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/06/17 02:00:30 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/17 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\95406822.sys -- (95406822)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\95406821.sys -- (95406821)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/03/18 02:54:29 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/09/26 11:43:15 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/09/26 11:43:13 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/09 10:40:20 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/07/05 16:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/08 05:10:44 | 000,347,648 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2005/12/02 03:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\


O1 HOSTS File: ([2011/07/11 22:24:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ExSearchOptions = 170970
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266108105562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266107960812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Travis.PRIME-C0912BDD6\My Documents\My Pictures\darchigh.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Travis.PRIME-C0912BDD6\My Documents\My Pictures\darchigh.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/15 17:58:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/29 07:13:53 | 000,575,080 | R--- | M] (magicJack L.P.) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 07:13:53 | 000,016,158 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/02/29 07:13:53 | 000,000,308 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/01/04 18:17:30 | 000,000,270 | ---- | M] () - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc32 - C:\WINDOWS\System32\imc32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 22:24:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 20:24:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/11 19:57:02 | 004,148,094 | R--- | C] (Swearware) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\ComboFix.exe
[2011/07/08 19:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/02 16:42:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/02 16:10:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Recent
[2011/07/02 12:41:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\OTL.exe
[2011/06/27 23:07:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/27 22:10:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/27 22:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/27 22:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/27 22:10:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/27 22:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/27 22:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/27 15:42:17 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\95406821.sys
[2011/06/27 15:42:17 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\95406822.sys
[2011/06/27 13:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\AV
[2011/06/27 13:55:12 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/27 13:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
[2011/06/27 02:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\DoctorWeb
[2011/06/27 00:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/27 00:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Start Menu\Programs\HiJackThis
[2011/06/23 10:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\Sunbelt Software
[2011/06/20 14:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2011/06/20 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/20 14:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/06/20 14:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Spyware Terminator
[2011/06/20 14:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
[2011/06/20 14:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/06/20 14:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AntiVirus
[2011/06/20 14:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Start Menu\Programs\AntiVirus
[2011/06/17 12:24:24 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/17 12:21:08 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 30 Days ==========

[2011/07/11 22:27:05 | 000,000,040 | ---- | M] () -- C:\biosinfo
[2011/07/11 22:26:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/11 22:26:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 22:24:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/11 20:29:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 19:57:21 | 004,148,094 | R--- | M] (Swearware) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\ComboFix.exe
[2011/07/11 12:24:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/11 12:24:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/11 08:39:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4400 series.job
[2011/07/11 01:19:51 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/08 19:02:25 | 000,879,223 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\SecurityCheck.exe
[2011/07/05 08:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/04 12:25:18 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/04 05:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 05:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 05:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 05:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 05:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 05:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 05:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 05:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 05:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 05:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/02 16:06:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/02 12:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\OTL.exe
[2011/06/28 04:10:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\defogger_reenable
[2011/06/28 03:20:08 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\HiJackThis.lnk
[2011/06/27 23:07:11 | 000,000,471 | RHS- | M] () -- C:\boot.ini
[2011/06/27 13:55:11 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/27 13:23:16 | 000,001,077 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\magicJack.lnk
[2011/06/26 00:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 03:23:37 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/24 03:23:37 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
[2011/06/20 14:45:31 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/06/17 12:24:23 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/17 02:00:30 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/06/13 01:55:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/13 01:40:56 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

========== Files Created - No Company Name ==========

[2011/07/08 19:02:23 | 000,879,223 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\SecurityCheck.exe
[2011/06/28 04:10:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\defogger_reenable
[2011/06/27 23:07:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/27 22:10:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/27 22:10:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/27 22:10:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/27 22:10:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/27 22:10:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/27 00:56:17 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\HiJackThis.lnk
[2011/06/24 03:23:37 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/24 03:23:37 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Opera.lnk
[2011/06/24 03:23:37 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Opera.lnk
[2011/06/23 14:03:23 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/20 14:45:31 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/06/20 14:40:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/20 14:40:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/17 12:22:04 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/13 01:40:56 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2010/11/23 20:36:05 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/23 20:36:01 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/23 20:36:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/31 01:10:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/07/10 06:38:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/04 09:27:49 | 000,148,185 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/02/04 09:27:49 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/12/16 21:28:34 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2009/05/05 08:40:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lgcenter.ini
[2009/03/05 17:12:56 | 000,002,389 | -H-- | C] () -- C:\WINDOWS\ts.ini
[2008/11/11 12:00:24 | 000,353,792 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
[2008/11/11 12:00:24 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
[2008/10/08 03:26:40 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/23 16:06:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/19 15:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/11 22:45:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/01 14:52:06 | 000,002,004 | ---- | C] () -- C:\WINDOWS\IMM02A.ini
[2008/07/08 17:37:26 | 000,149,544 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2008/05/10 01:36:43 | 000,000,204 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2008/04/24 00:32:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/06 00:06:40 | 000,035,902 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/03/21 14:05:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/02/14 22:10:33 | 000,000,740 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/01/09 07:37:43 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\fusioncache.dat
[2008/01/08 21:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/01/08 21:26:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/01/08 21:26:12 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/01/08 21:26:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/01/08 21:26:11 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/01/08 21:26:11 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/01/08 21:26:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/01/08 21:26:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\sw20.exe
[2008/01/08 21:26:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sw24.exe
[2008/01/08 14:26:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/08 14:26:09 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/08 11:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/01/08 09:45:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/08 09:41:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/08 02:33:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/08 02:30:59 | 002,019,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/29 17:50:20 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/11/29 17:50:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 15:50:41 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2006/08/11 07:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(6).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(5).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(4).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/08/11 07:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2006/08/11 07:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,503,308 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,088,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,047,564 | ---- | C] () -- C:\WINDOWS\NTDETECT.COM
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/26 02:45:02 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== LOP Check ==========

[2010/12/20 10:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Academagia
[2011/06/08 18:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2010/10/28 19:26:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2011/05/30 03:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gibraltar
[2010/12/26 23:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HMH Interactive
[2010/08/24 11:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\magicJack
[2011/04/29 14:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/11/03 23:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Paradox Interactive
[2011/06/27 13:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
[2010/11/27 23:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Stardock
[2008/08/08 23:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TELUS
[2008/05/27 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/03/27 10:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/10/31 00:27:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{1338EDEE-1DCB-4AA7-9B0F-956BE76B0A4A}
[2008/05/27 21:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{861CC130-D2E3-49B2-91FB-3237C7FA9DCE}
[2011/05/30 05:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
[2008/11/14 02:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\2K Sports
[2009/01/13 22:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Auslogics
[2011/03/09 23:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\AVG10
[2011/05/30 05:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\BitTorrent
[2008/03/11 08:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\DAEMON Tools
[2008/11/16 11:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\GetRightToGo
[2008/05/27 22:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\gtk-2.0
[2008/01/08 10:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\InterTrust
[2009/01/27 08:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\LimeWire
[2011/06/27 22:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\mjusbsp
[2008/04/21 02:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Opera
[2008/02/04 09:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\SoundSpectrum
[2011/06/23 02:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Spyware Terminator
[2011/05/30 05:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\Stardock
[2008/08/08 23:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\TELUS
[2009/01/07 19:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\uTorrent
[2011/07/11 22:26:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/08/26 06:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/08/26 06:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/08/26 06:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera 9\Opera.exe" /ShowIconsCommand [2011/06/24 03:23:35 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera 9\Opera.exe" /HideIconsCommand [2011/06/24 03:23:35 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera 9\Opera.exe" /ReInstallBrowser [2011/06/24 03:23:35 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera 9\Opera.exe" [2011/06/24 03:23:35 | 000,941,936 | ---- | M] (Opera Software)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-01-09 10:11:46

< End of report >

#14 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 12 July 2011 - 09:32 AM

Hi!

Please look in your C:\ drive for the ComboFix.txt log.

Your logs also seem to indicate that your version of Windows is severely lacking Windows Updates. I suggest you update your version of Windows to the latest version.

OTL Fix

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\95406822.sys -- (95406822)
    DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\95406821.sys -- (95406821)
    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    [2011/06/27 15:42:17 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\95406821.sys
    [2011/06/27 15:42:17 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\95406822.sys
    [2011/05/30 05:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
    [2011/03/09 23:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\AVG10
    
    :Reg
    
    :Files
    C:\Program Files\AVG
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Sivvi (Topic Starter)

  • Members
  • 9 posts

Posted 13 July 2011 - 01:26 AM

ComboFix 11-07-11.02 - Travis 11/07/2011 20:10:30.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.3062.2226 [GMT -6:00]
Running from: c:\documents and settings\Travis.PRIME-C0912BDD6\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Travis.PRIME-C0912BDD6\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Sun\ddee.dat
c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Sun\mnj.dat
c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Sun\mxd1.txt
c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Sun\ppkk.dat
c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Sun\uuoo.dat
c:\windows\system32\SysInfo.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-09 01:01 . 2011-07-09 01:01 -------- d-----w- c:\program files\ESET
2011-07-02 22:42 . 2011-07-02 22:42 -------- d-----w- C:\_OTL
2011-06-27 21:42 . 2009-10-22 19:54 37392 ----a-w- c:\windows\system32\drivers\95406822.sys
2011-06-27 21:42 . 2009-09-25 23:59 128016 ----a-w- c:\windows\system32\drivers\95406821.sys
2011-06-27 21:26 . 2011-06-27 21:27 -------- d-----w- c:\documents and settings\Administrator
2011-06-27 19:55 . 2011-06-27 19:55 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-27 19:10 . 2011-06-27 19:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2011-06-27 08:07 . 2011-06-27 08:40 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\DoctorWeb
2011-06-27 06:56 . 2011-06-27 06:56 388096 ----a-r- c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-27 06:56 . 2011-06-27 06:56 -------- d-----w- c:\program files\Trend Micro
2011-06-24 09:54 . 2011-06-24 09:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-06-23 20:03 . 2011-06-17 18:24 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-23 16:24 . 2011-06-23 16:24 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\Local Settings\Application Data\Sunbelt Software
2011-06-20 20:51 . 2011-06-27 19:08 -------- d-----w- c:\program files\WinClamAVShield
2011-06-20 20:48 . 2011-06-23 04:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-06-20 20:48 . 2011-06-20 20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-20 20:45 . 2011-06-23 08:22 -------- d-----w- c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\Spyware Terminator
2011-06-20 20:45 . 2011-06-20 20:45 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-06-20 20:45 . 2011-06-27 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spyware Terminator
2011-06-20 20:45 . 2011-06-23 16:23 -------- d-----w- c:\program files\Spyware Terminator
2011-06-17 18:24 . 2011-07-04 18:25 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-17 18:21 . 2011-06-17 08:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-13 08:51 . 2011-06-13 08:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-06-09 00:12 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-09 00:12 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-09 00:12 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-09 00:12 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-09 00:12 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-06-09 00:12 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-06-09 00:12 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-06-09 00:12 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-09 00:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-06-09 00:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 18:23 . 2008-09-03 23:29 26112 ----a-w- c:\windows\system32\userinit.exe
2011-05-29 15:11 . 2011-06-11 20:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 15:11 . 2011-06-11 20:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 10:52 . 2010-07-13 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 08:25 . 2008-01-24 09:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-28_08.52.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-12 02:29 . 2011-07-12 02:29 16384 c:\windows\temp\Perflib_Perfdata_77c.dat
- 2011-06-13 08:51 . 2011-06-28 02:12 32768 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2011-06-13 08:51 . 2011-07-02 21:21 32768 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
- 2008-01-08 15:47 . 2011-06-28 02:12 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-08 15:47 . 2011-06-29 03:33 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-08 15:47 . 2011-06-29 03:34 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-29 03:34 . 2011-06-29 03:34 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA92CEC4-A200-11E0-A31C-0019D1245D11}.dat
+ 2011-06-29 03:33 . 2011-06-29 03:33 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{970B2B8B-A200-11E0-A31C-0019D1245D11}.dat
+ 2011-06-24 09:54 . 2011-06-29 03:33 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-06-24 09:54 . 2011-06-28 02:12 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2008-01-08 15:47 . 2011-06-28 02:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-28 13:40 . 2011-06-29 03:33 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-28 13:40 . 2011-07-02 21:21 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{22EEDC10-A18C-11E0-A31C-0019D1245D11}.dat
+ 2011-06-28 19:48 . 2011-06-28 19:49 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A71A72CE-A1BF-11E0-A31C-0019D1245D11}.dat
+ 2011-07-02 21:21 . 2011-07-02 21:21 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{469A054C-A4F1-11E0-A31C-0019D1245D11}.dat
+ 2011-06-28 18:40 . 2011-06-28 18:41 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24DE4583-A1B6-11E0-A31C-0019D1245D11}.dat
+ 2011-06-28 13:40 . 2011-06-28 13:40 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22EEDC11-A18C-11E0-A31C-0019D1245D11}.dat
+ 2011-06-28 18:40 . 2011-06-28 18:40 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{08931D77-A1B6-11E0-A31C-0019D1245D11}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Travis.PRIME-C0912BDD6\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-08 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-08 69632]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-28 235168]
.
c:\documents and settings\Baeb\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-10-13 476448]
.
c:\documents and settings\NetworkService.NT AUTHORITY.000\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk.disabled [2011-6-3 1630]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExSearchOptions"= 170970 (0x29bda)
"SpecifyDefaultButtons"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-06-28 11:19 1191216 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-04 02:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 02:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 00:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Paradox Interactive\\Elven Legacy\\ElvenLegacy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\puzzle quest\\Puzzle Quest.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Baeb\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Opera 9\\opera.exe"=
"c:\\Documents and Settings\\Travis.PRIME-C0912BDD6\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2011 11.0.1.400\\english\\setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 95406822;95406822 Boot Guard Driver;c:\windows\system32\drivers\95406822.sys [27/06/2011 3:42 PM 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/06/2011 12:21 PM 64512]
R1 95406821;95406821;c:\windows\system32\drivers\95406821.sys [27/06/2011 3:42 PM 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [08/06/2011 6:12 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/06/2011 6:12 PM 309848]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20/06/2011 2:45 PM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/06/2011 6:12 PM 19544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [17/06/2011 2:00 AM 2151640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [08/07/2008 5:37 PM 347648]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [17/06/2011 2:00 AM 15232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 AVGIDSDriver;AVGIDSDriver; [x]
S4 AVGIDSEH;AVGIDSEH; [x]
S4 AVGIDSFilter;AVGIDSFilter; [x]
S4 AVGIDSShim;AVGIDSShim; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/03/2008 8:22 AM 717296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-17 11:19]
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
.
2011-07-11 c:\windows\Tasks\WebReg HP Deskjet F4400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-17 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = www.google.ca
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 22:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(912)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-07-11 22:17:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-12 04:17
ComboFix2.txt 2011-06-28 09:00
.
Pre-Run: 185,022,574,592 bytes free
Post-Run: 185,801,404,416 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 156A0471040658879EF38492E966AE1C


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Error: Unable to stop service 95406822!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\95406822 deleted successfully.
C:\WINDOWS\system32\drivers\95406822.sys moved successfully.
Error: Unable to stop service 95406821!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\95406821 deleted successfully.
C:\WINDOWS\system32\drivers\95406821.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
File C:\Program Files\AVG\AVG10\Firefox4 not found.
File C:\WINDOWS\System32\drivers\95406821.sys not found.
File C:\WINDOWS\System32\drivers\95406822.sys not found.
C:\Documents and Settings\All Users.WINDOWS\Application Data\~0 folder moved successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Application Data\AVG10 folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Travis.PRIME-C0912BDD6\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Baeb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: K-Diggity
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: moms
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: TmpUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Travis
->Temp folder emptied: 89114134 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Travis.PRIME-C0912BDD6
->Temp folder emptied: 38898919 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TRAVIS~1~PRI

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 31708800 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 152.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Baeb
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: K-Diggity
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000
->Flash cache emptied: 0 bytes

User: moms
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000
->Flash cache emptied: 0 bytes

User: TmpUser

User: Travis
->Flash cache emptied: 0 bytes

User: Travis.PRIME-C0912BDD6
->Flash cache emptied: 0 bytes

User: TRAVIS~1~PRI

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07122011_090559

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x64.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_MDX1_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DirectX.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DSETUP.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dsetup32.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxdllreg_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxnt.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DXSETUP.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{E4DC81EC-8D1D-4800-9A9C-EFED3FFA34EA}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxupdate.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{D34842A2-FB2B-442B-845B-13A9C0E26B9B}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{D34842A2-FB2B-442B-845B-13A9C0E26B9B}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x64.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_d3dx9_30_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\Apr2006_MDX1_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DirectX.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DSETUP.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dsetup32.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxdllreg_x86.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxnt.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\DXSETUP.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B63165DB-CF32-4657-B1D9-3661E71E0E98}\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\directx9\dxupdate.cab scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\default.pal scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\isrt.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\_IsRes.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{B4B4C42C-B402-4FEC-AF97-724E923040DA}\corecomp.ini scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{92E2A19A-8FE9-41CA-B0B6-5D27CBCC4593}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{92E2A19A-8FE9-41CA-B0B6-5D27CBCC4593}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8AD930B0-05F7-4F27-9453-621D67EFF16C}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8AD930B0-05F7-4F27-9453-621D67EFF16C}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8356FFA0-5318-421A-B563-E4273E490299}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{8356FFA0-5318-421A-B563-E4273E490299}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{59CA1D7B-2678-4882-8584-5755DBE663DB}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{59CA1D7B-2678-4882-8584-5755DBE663DB}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{4FAE41F5-0074-4817-9C18-F224F3584EF3}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{4FAE41F5-0074-4817-9C18-F224F3584EF3}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2DE10478-5C5F-4CAE-9927-F287B8FE3BD6}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2DE10478-5C5F-4CAE-9927-F287B8FE3BD6}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2CB0D3FE-5B39-4001-9990-CD8E3C4CFFB8}\ISSetup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\{2CB0D3FE-5B39-4001-9990-CD8E3C4CFFB8}\_Setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\IEC50.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\IEC51.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\IECE.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\nerodeltmp.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set1.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set13.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set17.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\Set3.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set4.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set7F.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\set9A.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\setA0.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\SetC.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is120.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20C.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20D.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20E.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is20F.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is210.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is211.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is29.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is3A.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is3B.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_is43.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Travis\Local Settings\Temp\_isB1.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

