
Just-In-Time Debugging never goes away, browser redirects google links, anti-spyware scans don't purge problem!


  • This topic is locked
25 replies to this topic

#1 HELP?!?!


  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:59 AM

Posted 29 June 2011 - 06:00 AM

Hello and thank you for reading my topic.

I always browse using firefox and recently I visited a site involving cross country workouts and same old same old, at the top, firefox notifies me that it has stopped a pop-up from activating. I've encountered websites like these before with the same notifications and usually nothing happens, however within five minutes of browsing this site, a strange message popped up on my tool bar called "Just-In-Time Debugging". I didn't trust this strange message and immediately left the site and restarted my browser, then I "X" out the "Just-In-Time Debugging" message. Within seconds the message appears again and again I "X" the message out, however after several attempts the message constantly keeps coming back!

Then, the next time I turned on my computer my avast notifies me that it has blocked a malware url site. I thought I had dodged the bullet, but I find that every time I start my computer avast notifies me again that it has blocked a malware url site even though I didn't go on the internet.

Now, every time I browse on google, when I click on a link, I am redirected to an unknown url! Also, sometimes when I am casually surfing the net a tab opens by itself being either blank or on an unknown site.

I've scanned with all my anti-spyware and anti-virus software (avast, search and destroy, spyware blaster), but every one has told me that everything on my computer is fine when it is not! I've scanned my computer with the dds tool and the gmer tool, please help me!!!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22
Run by Compaq_Administrator at 23:19:17 on 2011-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.320 [GMT -10:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
C:\WINDOWS\system32\dleacoms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.atcomet.com/m/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - c:\program files\logia\esnipsdownloader\eSnipsBHO.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Boxoft Tools] "c:\documents and settings\all users\application data\boxtools\Boxofttoolbox.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WordPerfect Office 1115] c:\program files\common files\corel\registration\en\Registration.exe /title="WordPerfect Office 11" /date=092410 serial=WS11WBD-0500346-FPS
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [eSnips_Downloader] "c:\program files\logia\esnipsdownloader\eSnips_Downloader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://connect.applera.com/dwa7W.cab,DanaInfo=.aUTHRWISZ8DJl12zt7rR6yC,CT=java+
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://abi.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{83B84916-1DF1-4488-BC7D-2CB83E37E177} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AC0B01A0-7D2D-4C84-9CC1-6C483A328DEC} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ept0356f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ept0356f.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ept0356f.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ept0356f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ept0356f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ept0356f.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-26 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-26 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-25 42184]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2011-3-26 193192]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-28 1251720]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-4-9 20480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-4-9 588032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2011-4-9 167936]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-1-20 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
VBSFile=%WINDIR%\System32\CScript.exe //nologo "%1" %*
.
=============== Created Last 30 ================
.
2011-06-26 17:35:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-26 17:35:25 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-05-26 01:00:38 1158726 ----a-w- c:\documents and settings\all users\SPLCA.tmp
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-11 08:38:35 69270 ----a-w- c:\documents and settings\all users\SPL38.tmp
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120213AS rev.3.AHH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x863294D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8632f7d0]; MOV EAX, [0x8632f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86315AB8]
3 CLASSPNP[0xF75B0FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000070[0x86373F18]
5 ACPI[0xF7447620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86317940]
\Driver\atapi[0x862B6448] -> IRP_MJ_CREATE -> 0x863294D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8632931B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:22:36.85 ===============

Attached Files

  • Attached File  ark.txt   147.07KB   1 downloads
  • Attached File  DDS.txt   20.08KB   0 downloads

Edited by HELP?!?!, 29 June 2011 - 06:04 AM.
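The DDS "Pseudo HJT Report" above is what a helper reads first: the start/search page overrides, the long list of BHO and toolbar entries (two of them pointing at "No File"), the startup entries and the Hosts line. The script below is an added triage aid, not part of this thread and not the DDS tool's own code; it parses lines in that format and pulls out the items a helper typically acts on. The sample log lines, the `EXPECTED_SEARCH_HOSTS` allowlist and the `.test` domains are constructed for the example.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example (not from the forum thread or the DDS tool): parses the
HijackThis-style lines DDS emits (BHO:, TB:, uRun:/mRun:, uStart Page,
Hosts:) and flags what a helper usually looks at first:
  * BHO entries whose module is missing ("No File") - orphaned CLSIDs
  * browser start/search pages not on a small allowlist of expected hosts
  * Hosts-file overrides that point a real domain at 127.0.0.1
  * the number of toolbars loaded into Internet Explorer
The sample lines below are constructed, modelled on the DDS format.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the DDS "Pseudo HJT Report" format (hxxp is DDS's
# defanged spelling of http; the .test domains are placeholders).
SAMPLE_LOG = """\
uStart Page = hxxp://google.example-redirect.test/m/
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://search.example-hijack.test/page/search/?client_uuid=abc
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Example Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\\program files\\example toolbar\\ExampleToolbar.dll
TB: Example Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\\program files\\example toolbar\\ExampleToolbar.dll
TB: Vendor Bar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\\program files\\vendor\\tbVend.dll
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [avast] "c:\\program files\\alwil software\\avast5\\avastUI.exe" /nogui
Hosts: 127.0.0.1 www.example-security-site.test
"""

# Hosts a helper would expect as a start/search page; anything else gets a
# second look. This allowlist is an assumption for the example, not a DDS setting.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "en-us.start3.mozilla.com"}

CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")


def refang(url: str) -> str:
    """DDS writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, count=1)


def parse_pseudo_hjt(text: str) -> dict:
    """Group report lines by their DDS prefix (BHO, TB, uRun, mRun, Hosts, ...).

    'key = value' lines (start/search pages, proxy settings) go under 'setting'.
    """
    entries = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        if " = " in line and not line.startswith(("BHO:", "TB:")):
            key, _, value = line.partition(" = ")
            entries["setting"].append((key.strip(), value.strip()))
            continue
        prefix, sep, rest = line.partition(": ")
        if sep:
            entries[prefix].append(rest)
    return entries


def triage(text: str) -> dict:
    """Return the findings a helper would act on, keyed by category."""
    e = parse_pseudo_hjt(text)
    findings = {"orphaned_bho": [], "unexpected_pages": [],
                "hosts_overrides": [], "toolbars": 0}
    # Orphaned BHO registrations: the CLSID is still registered but the DLL is gone.
    for bho in e.get("BHO", []):
        if bho.endswith("- No File"):
            m = CLSID_RE.search(bho)
            findings["orphaned_bho"].append(m.group(0) if m else bho)
    # Start/search page overrides pointing somewhere other than the allowlist.
    for key, value in e.get("setting", []):
        if key.endswith(("Start Page", "Search Page", "Search Bar", "SearchAssistant")):
            host = urlparse(refang(value)).hostname or ""
            if host.lower() not in EXPECTED_SEARCH_HOSTS:
                findings["unexpected_pages"].append((key, host))
    # Hosts-file lines that sinkhole a real name to the loopback address.
    for h in e.get("Hosts", []):
        ip, _, name = h.partition(" ")
        if ip == "127.0.0.1" and name.lower() != "localhost":
            findings["hosts_overrides"].append(name)
    findings["toolbars"] = len(e.get("TB", []))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

Run against a real DDS log, the `unexpected_pages` list is where a search-redirect usually shows up first (compare the `uStart Page` and `mStart Page` values in the log above), while `hosts_overrides` catches the common trick of blocking security sites via the Hosts file.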



#2 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 02 July 2011 - 12:10 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in a delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 HELP?!?!

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:59 AM

Posted 04 July 2011 - 05:48 AM

Hello and thank you for responding to my topic.

I have attached the files you requested, but I must inform you of the developments that have occurred since my initial post. On Friday, July 1, my computer would turn on, but would remain a black screen, only displaying the message along the lines of "lsass.exe failed to execute." I restarted my computer many times and waited long intervals, but nothing would work as my computer stayed blank and black. Therefore, after I tried everything, I used my Compaq computer's system restore option to reset my computer to square one and it worked ... or so it seemed.

After the system restore process, my computer resembled how it was from the first day I turned it on. I installed all my securities back and even found all my files were still there, just moved to a location in my C Drive. However, after my first day of relief, the next day several problems arose. I noticed my browser had irregular internet speed (not due to wireless connection, I assure you) and when I tried playing videos from websites like nbc.com the video would load very slow and when loaded, the video would play with stop-go lag motion.

I used my avast and did a full boot system scan twice and found many viruses with the label "Win32", however there were others as well, but I can't recall their names. Please help me and help me rid my computer of this PLAGUE!!



OTL logfile created on: 7/4/2011 12:18:27 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 244.94 Mb Available Physical Memory | 25.56% Memory free
2.26 Gb Paging File | 1.66 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.30 Gb Total Space | 4.65 Gb Free Space | 4.46% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 0.38 Gb Free Space | 5.15% Space Free | Partition Type: FAT32

Computer Name: KAELYN | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 00:17:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\OTL(1).exe
PRC - [2011/06/15 18:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/05/10 22:27:38 | 005,607,080 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/05/10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe
PRC - [2011/05/10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe
PRC - [2011/05/10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/05/10 02:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2007/06/13 00:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/28 13:19:09 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2006/02/15 19:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 00:17:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\OTL(1).exe
MOD - [2011/05/10 02:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 05:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/06/28 13:19:06 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/11 15:10:44 | 000,167,040 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/05/10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/05/10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe -- (SDMonitorService)
SRV - [2011/05/10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe -- (SDFirewallService)
SRV - [2011/05/10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/05/10 02:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 02:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 02:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 02:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 02:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 01:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 01:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 01:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2006/03/08 10:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 11:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 11:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 14:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 08:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 08:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 15:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 11:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 11:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 05:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/30 19:59:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/01 17:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/07/01 17:38:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 01:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/01 03:40:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/07/01 01:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/07/01 01:37:20 | 000,000,000 | ---D | M]

[2011/06/30 19:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Extensions
[2011/07/03 21:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Firefox\Profiles\38g9mrbs.default\extensions
[2011/07/03 21:08:27 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Firefox\Profiles\38g9mrbs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/07/01 00:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 06:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/03 05:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 18:29:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/01 00:55:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/05/11 16:09:22 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) --
[2011/07/01 17:37:05 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/07/01 17:38:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/07/01 00:54:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 18:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/15 02:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/01 00:54:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/06 01:43:34 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/06/22 07:45:01 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml

O1 HOSTS File: ([2011/07/01 01:06:52 | 000,434,001 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14939 more lines...
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2562237476-906228576-2048124378-1008..\Run: [BitComet] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 01:28:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sdnclean.exe) - C:\WINDOWS\System32\sdnclean.exe (Safer Networking Limited)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 00:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu\Programs\Startup
[2011/07/03 21:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitComet
[2011/07/03 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\BitComet
[2011/07/03 08:30:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/07/03 08:30:02 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/07/03 08:29:54 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/07/03 06:38:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/07/02 09:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Sonic
[2011/07/02 09:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Leadertech
[2011/07/02 08:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\AVG Security Toolbar
[2011/07/01 18:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\AVG10
[2011/07/01 17:38:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/01 17:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/01 17:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/07/01 17:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/01 17:32:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/07/01 17:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/01 17:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/01 15:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Adobe
[2011/07/01 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\HPQ
[2011/07/01 08:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/07/01 06:06:06 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/07/01 06:06:06 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/07/01 06:06:05 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/07/01 06:06:04 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/07/01 05:23:46 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/07/01 03:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/01 03:45:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/01 03:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/07/01 01:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Apple Computer
[2011/07/01 01:39:46 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/07/01 01:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Apple
[2011/07/01 01:35:54 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/07/01 01:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/07/01 01:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Apple Computer
[2011/07/01 01:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Macromedia
[2011/07/01 01:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\TigerPlayer
[2011/07/01 00:59:54 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/01 00:55:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/01 00:55:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/01 00:55:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/01 00:55:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/01 00:55:15 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/01 00:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Sun
[2011/07/01 00:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/07/01 00:49:27 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/07/01 00:49:12 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2011/07/01 00:49:12 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2011/07/01 00:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/06/30 19:59:23 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/30 19:59:23 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 19:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/30 19:59:22 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/30 19:59:22 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/30 19:59:21 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/30 19:59:21 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/30 19:59:21 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/30 19:59:20 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/30 19:59:02 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/30 19:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/30 19:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/30 19:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads
[2011/06/30 19:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Mozilla
[2011/06/30 19:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla
[2011/06/30 19:22:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/30 19:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\MSNInstaller
[2011/06/30 19:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\InstallShield
[2011/06/30 12:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Symantec
[2011/06/30 12:15:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Recent
[2011/06/30 12:03:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft
[2011/06/30 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Real
[2011/06/30 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Intuit
[2011/06/30 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Identities
[2011/06/30 12:03:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Cookies
[2011/06/30 12:03:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data
[2011/06/30 12:03:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Favorites
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Wildtangent
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Microsoft
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Google
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\ApplicationHistory
[2011/06/30 12:03:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\SendTo
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\My Videos
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\My Pictures
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\My Music
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Templates
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\PrintHood
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\NetHood
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings
[2011/06/30 12:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\WINDOWS
[2011/06/30 12:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2011/06/30 11:11:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 00:14:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/04 00:08:58 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/04 00:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 00:06:32 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/03 23:54:35 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/03 22:24:02 | 000,031,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\Rootkit Unhooker Report
[2011/07/03 21:08:22 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2011/07/03 20:23:16 | 120,915,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/03 20:19:13 | 000,003,649 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2011/07/03 13:55:12 | 011,316,509 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Aobozu - Hoshi no Sumika.mp3
[2011/07/02 09:47:21 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/02 09:23:29 | 006,369,621 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Gara Gara GO!! (korean ver.).mp3
[2011/07/02 09:22:30 | 002,954,585 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Top Of The World.mp3
[2011/07/02 09:21:59 | 009,052,504 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Seungri (Big Bang) - VVIP.MP3
[2011/07/02 09:21:57 | 005,978,629 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\SeungRi (Of Big Bang) - Strong Baby.mp3
[2011/07/02 09:19:17 | 005,502,975 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\BIG BANG - Lies.mp3
[2011/07/02 09:18:36 | 008,826,880 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Tonight.mp3
[2011/07/02 09:11:37 | 009,201,637 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\1. C.N Blue - Love.mp3
[2011/07/02 09:05:07 | 007,957,070 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - thank you (a.ri.ga.tou.).mp3
[2011/07/02 09:02:04 | 003,563,134 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE Tattoo.mp3
[2011/07/02 09:01:22 | 003,177,357 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBlue - Just Please.mp3
[2011/07/02 09:00:46 | 008,820,736 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE_Alone.mp3
[2011/07/02 08:59:33 | 007,729,152 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Love Light - CNBLUE.mp3
[2011/07/02 08:58:41 | 007,736,028 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE- Sweet Holiday.mp3
[2011/07/02 08:56:17 | 007,917,057 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\02. CNBlue - Bluetory - Love Revolution.mp3
[2011/07/02 08:53:59 | 002,616,824 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - I'm A Loner.mp3
[2011/07/02 08:51:48 | 009,281,297 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N.BLUE - Lie.mp3
[2011/07/02 08:47:54 | 003,663,070 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N Blue - The Way -One Time-.mp3
[2011/07/02 08:46:14 | 005,109,583 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN BLUE - Love Girl.mp3
[2011/07/02 08:29:29 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/02 08:29:29 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/02 00:09:56 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/01 19:10:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 17:37:28 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/01 11:12:38 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/01 03:45:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/07/01 01:39:52 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/01 01:37:05 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/01 01:21:34 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2011/07/01 01:21:34 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/07/01 01:18:19 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/01 01:06:52 | 000,434,001 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/01 01:01:40 | 000,434,001 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110701-010652.backup
[2011/07/01 00:59:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/01 00:54:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/01 00:54:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/01 00:54:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/01 00:54:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/01 00:54:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/01 00:49:27 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/06/30 19:59:24 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/30 19:59:21 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/30 19:56:34 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\SpywareBlaster.lnk
[2011/06/30 19:28:20 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/30 19:28:20 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/30 19:19:00 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2011/06/30 19:19:00 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2011/06/30 12:14:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2011/06/30 12:14:34 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/30 12:12:11 | 000,001,835 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX319AA-ABA SR1922X NA670_YC_0Pres_QMXF626_E63NAprREA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M959_J120_7AMD_8Athlon 64_92.2_#060809_N_Z14F12F20_G10DE0241.MRK
[2011/06/30 12:02:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 12:01:25 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/30 12:00:29 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2011/06/29 22:28:16 | 002,762,724 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\iTunes Music Library.xml
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 22:24:01 | 000,031,692 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\Rootkit Unhooker Report
[2011/07/03 20:23:16 | 120,915,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/03 14:04:50 | 011,316,509 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Aobozu - Hoshi no Sumika.mp3
[2011/07/02 09:47:21 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/02 09:33:33 | 007,309,479 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\2-08 - Asia Engineer - Eternal Pose.mp3
[2011/07/02 09:33:33 | 003,490,849 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\UVERworld-Core Pride.mp3
[2011/07/02 09:33:32 | 009,310,371 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Tomofumi Tanizawa - Soufuu.mp3
[2011/07/02 09:25:52 | 003,563,134 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE Tattoo.mp3
[2011/07/02 09:25:52 | 003,177,357 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBlue - Just Please.mp3
[2011/07/02 09:25:47 | 007,957,070 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - thank you (a.ri.ga.tou.).mp3
[2011/07/02 09:25:45 | 009,201,637 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\1. C.N Blue - Love.mp3
[2011/07/02 09:25:41 | 008,826,880 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Tonight.mp3
[2011/07/02 09:25:38 | 005,978,629 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\SeungRi (Of Big Bang) - Strong Baby.mp3
[2011/07/02 09:25:38 | 005,502,975 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\BIG BANG - Lies.mp3
[2011/07/02 09:25:35 | 009,052,504 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Seungri (Big Bang) - VVIP.MP3
[2011/07/02 09:25:34 | 002,954,585 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Top Of The World.mp3
[2011/07/02 09:25:32 | 006,369,621 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Gara Gara GO!! (korean ver.).mp3
[2011/07/02 09:25:30 | 005,109,583 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN BLUE - Love Girl.mp3
[2011/07/02 09:25:29 | 003,663,070 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N Blue - The Way -One Time-.mp3
[2011/07/02 09:25:16 | 009,281,297 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N.BLUE - Lie.mp3
[2011/07/02 09:25:13 | 002,616,824 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - I'm A Loner.mp3
[2011/07/02 09:25:11 | 007,917,057 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\02. CNBlue - Bluetory - Love Revolution.mp3
[2011/07/02 09:25:09 | 007,736,028 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE- Sweet Holiday.mp3
[2011/07/02 09:25:06 | 007,729,152 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Love Light - CNBLUE.mp3
[2011/07/02 09:25:05 | 008,820,736 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE_Alone.mp3
[2011/07/01 17:37:28 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/01 08:03:38 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/01 01:36:21 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 01:21:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/07/01 01:18:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/01 01:18:19 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/01 00:49:27 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/07/01 00:49:27 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/06/30 19:56:34 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\SpywareBlaster.lnk
[2011/06/30 19:28:20 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/30 19:18:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2011/06/30 19:18:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/06/30 19:18:59 | 000,010,667 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.cat
[2011/06/30 19:18:59 | 000,001,593 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.inf
[2011/06/30 12:14:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2011/06/30 12:12:08 | 000,001,835 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX319AA-ABA SR1922X NA670_YC_0Pres_QMXF626_E63NAprREA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M959_J120_7AMD_8Athlon 64_92.2_#060809_N_Z14F12F20_G10DE0241.MRK
[2011/06/30 12:12:07 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/30 12:03:15 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2011/06/30 12:03:15 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/06/30 12:03:15 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/30 12:03:15 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
[2011/06/30 12:03:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/30 12:01:16 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2011/06/30 12:01:16 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Browser.lnk
[2011/06/29 22:26:54 | 002,762,724 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\iTunes Music Library.xml
[2010/08/15 07:49:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/03/26 11:05:16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/31 08:25:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/26 20:12:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/06 09:00:58 | 000,032,705 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/01/18 11:52:48 | 000,102,032 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2007/01/18 11:52:48 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/12/08 09:10:53 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/22 18:18:01 | 000,000,043 | ---- | C] () -- C:\WINDOWS\twinnt30.ini
[2006/08/09 12:36:57 | 000,102,032 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/09 12:36:57 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/06/28 13:49:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/28 13:24:22 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/28 13:19:07 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/06/28 13:18:04 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/06/28 13:18:04 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/06/28 13:17:56 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/28 13:17:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/28 13:15:15 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/28 13:14:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/28 13:00:38 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/28 12:59:01 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/06/28 12:59:01 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/28 12:53:59 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/28 12:52:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/28 12:49:18 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/28 12:49:18 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/28 12:49:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/28 12:49:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/28 12:49:17 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/28 12:49:17 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/28 12:49:17 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/28 12:49:17 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/28 12:49:17 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/28 12:49:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/28 12:49:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/28 12:47:03 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/28 12:30:30 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/28 12:30:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/28 12:30:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 14:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 01:45:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 01:33:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 01:33:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 01:31:56 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 01:28:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 01:26:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 12:04:22 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 12:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Files - Unicode (All) ==========
[2011/07/02 09:25:24 | 005,423,356 | R--- | C] ()(C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition ??.mp3) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition 직감.mp3
[2011/07/02 08:51:27 | 005,423,356 | R--- | M] ()(C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition ??.mp3) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition 직감.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D031D15E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B310EE

< End of report >



OTL Extras logfile created on: 7/4/2011 12:18:27 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 244.94 Mb Available Physical Memory | 25.56% Memory free
2.26 Gb Paging File | 1.66 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.30 Gb Total Space | 4.65 Gb Free Space | 4.46% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 0.38 Gb Free Space | 5.15% Space Free | Partition Type: FAT32

Computer Name: KAELYN | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2562237476-906228576-2048124378-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"17570:TCP" = 17570:TCP:*:Enabled:BitComet 17570 TCP
"17570:UDP" = 17570:UDP:*:Enabled:BitComet 17570 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player Beta -- (Veoh Networks)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link DWA-130 Wireless N USB Adapter
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"AVG" = AVG 2011
"BitComet" = BitComet 1.28
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WT004602" = Tornado Jockey
"WT005532" = Polar Bowler
"WT005533" = Polar Golfer
"WT005534" = Ricochet Lost Worlds
"WT005537" = Super Granny
"WT005538" = Tradewinds
"WT005541" = Blasterball 2 Revolution
"WT005542" = Blasterball 2 Remix
"WT005544" = Bounce Symphony
"WT005611" = Tennis Titans
"WT005612" = Family Feud
"WT005613" = Flip Words
"WT005614" = Insaniquarium Deluxe
"WT005615" = Jewel Quest
"WT005616" = Mah Jong Quest
"WT005617" = Mystery Case Files
"WT005618" = Poker Superstars
"WT005619" = SCRABBLE
"WT005620" = Slingo Deluxe
"WT005622" = Fairies
"WT005623" = Snowy The Bears Adventure
"WT005625" = Bejeweled 2 Deluxe
"WT005627" = Bookworm Deluxe
"WT005628" = Chuzzle Deluxe
"WT005629" = Diner Dash
"WT006068" = FATE

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2011 2:10:55 AM | Computer Name = KAELYN | Source = Application Error | ID = 1000
Description = Faulting application nda.exe, version 1.0.0.216, faulting module mscomctl.ocx,
version 6.1.97.86, fault address 0x000149eb.

Error - 7/1/2011 2:06:41 PM | Computer Name = KAELYN | Source = Application Error | ID = 1000
Description = Faulting application NDP1.1sp1-KB979906-X86.exe, version 1.0.1683.4989,
faulting module NDP1.1sp1-KB979906-X86.exe, version 1.0.1683.4989, fault address
0x00016bed.

Error - 7/1/2011 5:15:42 PM | Computer Name = KAELYN | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp2\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/1/2011 7:07:01 PM | Computer Name = KAELYN | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp2\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/2/2011 4:20:28 PM | Computer Name = KAELYN | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp2\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/3/2011 7:43:55 PM | Computer Name = KAELYN | Source = ESENT | ID = 490
Description = svchost (1640) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 7/3/2011 7:43:55 PM | Computer Name = KAELYN | Source = ESENT | ID = 439
Description = Catalog Database (1640) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 7/3/2011 7:43:55 PM | Computer Name = KAELYN | Source = ESENT | ID = 473
Description = Catalog Database (1640) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 7/4/2011 2:19:04 AM | Computer Name = KAELYN | Source = Application Error | ID = 1004
Description = Faulting application NDP1.1sp1-KB979906-X86.exe, version 1.0.1683.4989,
faulting module NDP1.1sp1-KB979906-X86.exe, version 1.0.1683.4989, fault address
0x00016bed.

[ System Events ]
Error - 7/1/2011 1:21:55 AM | Computer Name = KAELYN | Source = Service Control Manager | ID = 7000
Description = The crd service failed to start due to the following error: %%1053

Error - 7/1/2011 1:57:51 AM | Computer Name = KAELYN | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/1/2011 1:57:51 AM | Computer Name = KAELYN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/1/2011 1:57:51 AM | Computer Name = KAELYN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe.
Reference
error message: The operation completed successfully. .

Error - 7/1/2011 2:17:30 AM | Computer Name = KAELYN | Source = DCOM | ID = 10010
Description = The server {62F84090-A87D-4FA9-BF65-2AAB91B61CE5} did not register
with DCOM within the required timeout.

Error - 7/1/2011 6:49:47 AM | Computer Name = KAELYN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 7/1/2011 6:49:47 AM | Computer Name = KAELYN | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 7/1/2011 9:44:23 AM | Computer Name = KAELYN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 7/1/2011 9:44:23 AM | Computer Name = KAELYN | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 7/1/2011 1:50:21 PM | Computer Name = KAELYN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB932168).


< End of report >



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF2ED9000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4403200 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3956736 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 82.05 )
0xF5C34000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3538944 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.05 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5A9E000 C:\WINDOWS\system32\DRIVERS\HSX_DP.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7316000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF59E8000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF2BC4000 C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 589824 bytes (Realtek Semiconductor Corporation , Realtek RTL8192S USB NDIS Driver)
0xF71CD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2B0A000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xF2C90000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF2E04000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8DD3000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF5978000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xF2B7A000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xF2DBD000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF5B95000 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys 282624 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF72BB000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xB884A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF2C54000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF5941000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF58B4000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF58E8000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7441000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF71A0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB901D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF2CFF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2D4C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF73EB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF59C3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF2ABF000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5BDA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5BFD000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF2D2A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF2EB7000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF2D9C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB8ABB000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF7283000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7411000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7185000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72FE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF2A2F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF72A3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9229000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF725A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF592A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8FE0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5C20000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2E5C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7271000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7430000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5919000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA3B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7620000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF5FFC000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF603C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF75E0000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7750000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA408000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF77E0000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7720000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF75F0000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7740000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75B0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7760000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7770000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7590000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF602C000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF75D0000 PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7790000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7730000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7580000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7780000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF601C000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF77D0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77B0000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75C0000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xB8E2A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75A0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF5FCC000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7570000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77A0000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5FEC000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF6998000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xF600C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7860000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7950000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7800000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF77F0000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7970000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7858000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78D8000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7850000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7888000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7870000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7930000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7868000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xF7968000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF78E8000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB9328000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF7940000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77F8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7880000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xF78B8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7960000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7908000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7878000 C:\WINDOWS\system32\DRIVERS\wlndis50.sys 20480 bytes (-, WLAN NDIS 5.0 User Mode Control Driver)
0xF7984000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB9065000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF5FB4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA4C4000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A14000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF2A93000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7980000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF2ABB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A20000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A28000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AE0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A78000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B22000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7ADC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A76000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A70000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AE4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AE8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AC4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7ACA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A74000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A72000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B61000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C0B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B38000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Edited by SweetTech, 04 July 2011 - 12:20 PM.
expanded logs.--ST
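Added example, not part of the original post and not code from RkU, OTL or any other tool named in this thread: a small Python triage script for the RkU ">Drivers" listing format shown above. It parses each "0xBASE image SIZE bytes (Vendor, Description)" line and flags loaded drivers whose version information carries no vendor name, or that load from outside the Windows directory. The sample lines are copied from the listing above and trimmed to the interesting edge cases (a kernel alias with no path, a description containing parentheses and commas, a dump_* copy with no version info, RKU's own BlackBox.SYS, and a driver whose vendor field is just "-"). The function names, the choice to skip dump_* copies and the scanner's own driver, and the C:\WINDOWS system root are assumptions of the example, not anything the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of the RkU ">Drivers" listing: "0xBASE image SIZE bytes (Vendor, Description)".
# The trailing "(...)" group is optional (dump_* copies have none) and may itself
# contain parentheses or commas, so it is captured whole and split on the first ", ".
DRIVER_RE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<image>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)


@dataclass
class Driver:
    base: int                   # load address
    image: str                  # full path, or bare name for boot-start drivers
    size: int
    vendor: Optional[str]       # None when the version resource carried no company name
    description: Optional[str]


def parse_rku_drivers(text: str) -> List[Driver]:
    """Parse the ">Drivers" section of an RkU report into Driver records."""
    drivers: List[Driver] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue  # section headers, "=====" rules, blank lines
        vendor = description = None
        info = m.group("info")
        if info is not None:
            head, sep, tail = info.partition(", ")
            if sep:
                vendor = head.strip() or None
                description = tail.strip()
            else:
                description = info.strip()  # e.g. "(RKU Driver)": description only, no vendor
        drivers.append(Driver(int(m.group("base"), 16), m.group("image"),
                              int(m.group("size")), vendor, description))
    return drivers


def triage(drivers: List[Driver], system_root: str = r"C:\WINDOWS",
           scanner_drivers: Tuple[str, ...] = ("blackbox.sys",)) -> List[Tuple[str, str]]:
    """Return (image, reason) pairs worth a closer look. Heuristic only: a missing
    vendor string means the binary has no version resource, which is common for
    rootkit drivers but also for some legitimate OEM ones (assumed thresholds)."""
    findings: List[Tuple[str, str]] = []
    root = system_root.lower().rstrip("\\") + "\\"
    for d in drivers:
        name = d.image.rsplit("\\", 1)[-1].lower()
        if not name.endswith((".sys", ".dll", ".exe")):
            continue  # PnpManager, RAW, WMIxWDM, Win32k, ACPI_HAL: kernel aliases, not files
        if name.startswith("dump_") or name in scanner_drivers:
            continue  # crash-dump copies of the boot port driver; the scanner's own helper
        if d.vendor is None or d.vendor == "-":
            findings.append((d.image, "no vendor in version info"))
        if "\\" in d.image and not d.image.lower().startswith(root):
            findings.append((d.image, "loaded from outside " + system_root))
    return findings


# Constructed sample: lines copied from the listing in this thread, trimmed to the edge cases.
RKU_SAMPLE = r"""
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0xF7316000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF2EB7000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF73EB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF2A2F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB8E2A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7878000 C:\WINDOWS\system32\DRIVERS\wlndis50.sys 20480 bytes (-, WLAN NDIS 5.0 User Mode Control Driver)
==============================================
>Stealth
==============================================
"""

if __name__ == "__main__":
    for image, reason in triage(parse_rku_drivers(RKU_SAMPLE)):
        print(f"{reason}: {image}")
```

On the sample above the only hit is wlndis50.sys, whose version info names no company. That is a reason to look at the file, not a verdict: a hooked kernel can also hide a driver from this list entirely, which is why the ">Stealth" section of the same report, and a second opinion from a tool such as TDSSKiller, matter more than a clean driver list.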


#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 04 July 2011 - 12:30 PM

Okay. Thanks for that information.

I don't like having files attached. It makes it much more difficult for me to work with the logs.

See this from my intro speech:


Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.



___________________________



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • AVG 2011
  • J2SE Runtime Environment 5.0 Update 5


NEXT:



Then run this tool:

AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/01 17:37:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/07/01 17:38:05 | 000,000,000 | ---D | M]
    [2010/05/04 06:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/03 05:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/18 18:29:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/07/01 17:37:05 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2011/07/01 17:38:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-2562237476-906228576-2048124378-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKU\S-1-5-21-2562237476-906228576-2048124378-1008..\Run: [BitComet]  File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll -  File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    [2011/07/02 08:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\AVG Security Toolbar
    [2011/07/01 18:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\AVG10
    [2011/07/01 17:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/07/01 17:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/07/01 17:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/07/01 17:32:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/07/01 17:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/07/03 20:23:16 | 120,915,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/07/01 17:37:28 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/07/01 01:01:40 | 000,434,001 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110701-010652.backup
    [2011/07/03 20:23:16 | 120,915,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/07/01 17:37:28 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D031D15E
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B310EE
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\drivers\AVG\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

NEXT:

What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
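The OTL listing above mixes live entries with orphaned ones (the "File not found" and "No CLSID value found" lines that the fix removes) and alternate data streams. As an added example that is not part of this thread or of OTL itself, the Python helper below triages lines written in that format; the sample lines it runs over are constructed for illustration, not the logs posted here.

```python
"""Triage helper for OTL-style log lines: flag orphaned autostart entries,
entries with no publisher in the version info, and alternate data streams (ADS)."""
import re

# Constructed sample, modeled on the OTL line format; names, CLSIDs and paths are illustrative.
SAMPLE_OTL_LOG = """\
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll (Example Corp)
O2 - BHO: (Unknown Toolbar BHO) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\\Program Files\\Unknown\\IEToolbar.dll ()
O3 - HKU\\S-1-5-21-1111111111-2222222222-3333333333-1004\\..\\Toolbar\\ShellBrowser: (no name) - {66666666-7777-8888-9999-000000000000} - No CLSID value found.
O4 - HKLM..\\Run: []  File not found
O4 - HKLM..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe (Example Corp)
O4 - HKU\\S-1-5-21-1111111111-2222222222-3333333333-1004..\\Run: [OldDownloader]  File not found
O20 - Winlogon\\Notify\\ExampleLogon: DllName - ExampleLogon.dll -  File not found
@Alternate Data Stream - 95 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:ABCD1234
@Alternate Data Stream - 141 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:0BADF00D
"""

# "O<n> - <body>" entries (BHOs, toolbars, Run keys, Winlogon notify packages, ...)
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# "@Alternate Data Stream - <size> bytes -> <path>:<stream name>"
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([0-9A-Fa-f]+)$")
# Trailing markers OTL prints when the registry entry points at something that no longer exists
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")


def classify_line(line):
    """Return (category, details) for one OTL line."""
    line = line.rstrip()
    m = ADS_RE.match(line)
    if m:
        return "ads", {"size": int(m.group(1)), "path": m.group(2), "stream": m.group(3)}
    m = ENTRY_RE.match(line)
    if not m:
        return "other", {"raw": line}
    section, body = m.groups()
    details = {"section": section, "entry": body}
    if any(body.endswith(marker) for marker in ORPHAN_MARKERS):
        # Registry entry whose target file or CLSID is gone: harmless leftover, but worth removing
        return "orphaned", details
    if body.endswith(" ()"):
        # OTL prints an empty "()" when the file carries no company name; not malicious by itself,
        # but such entries deserve a second look
        return "no_publisher", details
    return "normal", details


def triage_otl(text):
    """Group the non-empty lines of an OTL listing by category."""
    groups = {"orphaned": [], "no_publisher": [], "ads": [], "normal": [], "other": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        category, details = classify_line(line)
        groups[category].append(details)
    return groups


def orphan_fix_lines(groups):
    """Reconstruct the orphaned entries as the original OTL lines, which is the form an OTL
    fix script lists them in (the fix above includes such lines verbatim)."""
    return [f"{d['section']} - {d['entry']}" for d in groups["orphaned"]]


if __name__ == "__main__":
    result = triage_otl(SAMPLE_OTL_LOG)
    for category in ("orphaned", "no_publisher", "ads"):
        print(f"{category}: {len(result[category])}")
    for line in orphan_fix_lines(result):
        print("  ", line)
```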


#5 HELP?!?!

  • Topic Starter
  • Members
  • 14 posts

Posted 04 July 2011 - 11:46 PM

Thank you for your reply and once again, I appreciate your advice to the fullest. Here are the results from the scans you wanted me to employ; I hope they help. Please help and help me get rid of this plague!! (Order of scan results: Malwarebytes, TDSSKiller, OTL Fix.)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7025

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/4/2011 6:35:26 PM
mbam-log-2011-07-04 (18-35-26).txt

Scan type: Quick scan
Objects scanned: 179499
Time elapsed: 22 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\020000008490a75a1363c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000008490a75a1363o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000008490a75a1363p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000008490a75a1363s.manifest (Malware.Trace) -> Quarantined and deleted successfully.



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF2ED9000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4403200 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3956736 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 82.05 )
0xF5C34000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3538944 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.05 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5A9E000 C:\WINDOWS\system32\DRIVERS\HSX_DP.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7316000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF59E8000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF2BC4000 C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 589824 bytes (Realtek Semiconductor Corporation , Realtek RTL8192S USB NDIS Driver)
0xF71CD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2B0A000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xF2C90000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF2E04000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8DD3000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF5978000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xF2B7A000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xF2DBD000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF5B95000 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys 282624 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF72BB000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xB884A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF2C54000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF5941000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF58B4000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF58E8000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7441000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF71A0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB901D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF2CFF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2D4C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF73EB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF59C3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF2ABF000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5BDA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5BFD000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF2D2A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF2EB7000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF2D9C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB8ABB000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF7283000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7411000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7185000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72FE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF2A2F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF72A3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9229000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF725A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF592A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8FE0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5C20000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2E5C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7271000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7430000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5919000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA3B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7620000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF5FFC000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF603C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF75E0000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7750000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA408000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF77E0000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7720000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF75F0000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7740000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75B0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7760000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7770000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7590000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF602C000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF75D0000 PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7790000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7730000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7580000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7780000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF601C000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF77D0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77B0000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75C0000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xB8E2A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75A0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF5FCC000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7570000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77A0000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5FEC000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF6998000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xF600C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7860000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7950000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7800000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF77F0000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7970000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7858000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78D8000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7850000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7888000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7870000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7930000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7868000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xF7968000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF78E8000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB9328000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF7940000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77F8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7880000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xF78B8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7960000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7908000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7878000 C:\WINDOWS\system32\DRIVERS\wlndis50.sys 20480 bytes (-, WLAN NDIS 5.0 User Mode Control Driver)
0xF7984000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB9065000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF5FB4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA4C4000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A14000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF2A93000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7980000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF2ABB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A20000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A28000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AE0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A78000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B22000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7ADC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A76000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A70000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AE4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AE8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AC4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7ACA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A74000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A72000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B61000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C0B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B38000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================




All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
No active process named avgtray.exe was found!
No active process named AVGIDSAgent.exe was found!
No active process named avgnsx.exe was found!
No active process named avgcsrvx.exe was found!
No active process named avgchsvx.exe was found!
No active process named AVGIDSMonitor.exe was found!
No active process named avgwdsvc.exe was found!
No active process named avgrsx.exe was found!
Error: No service named AVG Security Toolbar Service was found to stop!
Service\Driver key AVG Security Toolbar Service not found.
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
File C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe not found.
Error: No service named avgwd was found to stop!
Service\Driver key avgwd not found.
File C:\Program Files\AVG\AVG10\avgwdsvc.exe not found.
Error: No service named AVGIDSDriver was found to stop!
Service\Driver key AVGIDSDriver not found.
File C:\WINDOWS\system32\drivers\AVGIDSDriver.sys not found.
Error: No service named Avgtdix was found to stop!
Service\Driver key Avgtdix not found.
File C:\WINDOWS\system32\drivers\avgtdix.sys not found.
Error: No service named Avgrkx86 was found to stop!
Service\Driver key Avgrkx86 not found.
File C:\WINDOWS\system32\DRIVERS\avgrkx86.sys not found.
Error: No service named Avgmfx86 was found to stop!
Service\Driver key Avgmfx86 not found.
File C:\WINDOWS\system32\drivers\avgmfx86.sys not found.
Error: No service named AVGIDSEH was found to stop!
Service\Driver key AVGIDSEH not found.
File C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys not found.
Error: No service named AVGIDSShim was found to stop!
Service\Driver key AVGIDSShim not found.
File C:\WINDOWS\system32\drivers\AVGIDSShim.sys not found.
Error: No service named AVGIDSFilter was found to stop!
Service\Driver key AVGIDSFilter not found.
File C:\WINDOWS\system32\drivers\AVGIDSFilter.sys not found.
Error: No service named Avgldx86 was found to stop!
Service\Driver key Avgldx86 not found.
File C:\WINDOWS\system32\drivers\avgldx86.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
C:\Program Files\AVG\AVG10\Firefox4\Components folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared not found.
C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Folder C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\ not found.
Folder C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
File C:\Program Files\AVG\AVG10\avgssie.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2562237476-906228576-2048124378-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_TRAY not found.
File C:\Program Files\AVG\AVG10\avgtray.exe not found.
Registry value HKEY_USERS\S-1-5-21-2562237476-906228576-2048124378-1008\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
File C:\Program Files\AVG\AVG10\avgpp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File C:\Program Files\AVG\AVG10\avgpp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
File C:\Program Files\AVG\AVG10\avgchsvx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
File C:\Program Files\AVG\AVG10\avgrsx.exe not found.
C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\AVG Security Toolbar\cache\update folder moved successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\AVG Security Toolbar\cache folder moved successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\AVG Security Toolbar folder moved successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\AVG10 folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\ not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011\ not found.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
Folder C:\WINDOWS\System32\drivers\AVG\ not found.
C:\Program Files\AVG\AVG10\Toolbar\Firefox folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar folder moved successfully.
C:\Program Files\AVG\AVG10\Notification folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Documents and Settings\All Users\SPL38.tmp deleted successfully.
C:\Documents and Settings\All Users\SPLCA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\003149_.tmp deleted successfully.
File C:\WINDOWS\System32\drivers\AVG\incavi.avm not found.
File C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk not found.
C:\WINDOWS\system32\drivers\etc\hosts.20110701-010652.backup moved successfully.
File C:\WINDOWS\System32\drivers\AVG\incavi.avm not found.
File C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D031D15E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:61B310EE deleted successfully.
========== REGISTRY ==========
========== FILES ==========
Folder C:\WINDOWS\System32\drivers\AVG not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 112896771 bytes
->Temporary Internet Files folder emptied: 303153966 bytes
->Java cache emptied: 48746019 bytes
->FireFox cache emptied: 239132363 bytes
->Flash cache emptied: 327554 bytes

User: Compaq_Administrator.KAELYN
->Temp folder emptied: 25241460 bytes
->Temporary Internet Files folder emptied: 21852733 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45095158 bytes
->Flash cache emptied: 7090 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 339725 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 50070176 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43509844 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 26249802 bytes

Total Files Cleaned = 874.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.KAELYN
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07042011_175020

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Temp\IadHide5.dll moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by HELP?!?!, 04 July 2011 - 11:47 PM.
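Reading an OTL fix log line by line is tedious, and the lines that matter most are the ones that touched autostart or redirection points (Run keys, BootExecute, Winlogon Notify packages, browser helper objects, alternate data streams, the HOSTS file), since those are the footholds a browser-redirecting infection relies on and the places to re-check after the reboot. The script below is an added example written for this thread; it is not part of the post above and not code from OldTimer's OTL. It parses the line shapes OTL prints (moved, deleted, not found, scheduled for reboot), tallies them and flags the persistence-related actions. The sample lines are copied from the log above; the category labels and the list of flagged locations are this example's own assumptions.

```python
"""Triage an OTL fix log: tally outcomes and flag persistence-related actions.

Added example for this thread; not part of the forum post and not code from
OldTimer's OTL. OTL prints one line per action in a handful of fixed shapes
("<path> folder moved successfully.", "File <path> not found.",
"Registry value <key>\\<name> deleted successfully.", "ADS <file>:<stream>
deleted successfully.", "File move failed. <path> scheduled to be moved on
reboot."). The category labels and the list of locations treated as
persistence or redirection points are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample: ten lines copied from the OTL log in the post above.
SAMPLE_LOG = r"""
C:\Program Files\AVG\AVG10\Toolbar folder moved successfully.
File C:\Program Files\AVG\AVG10\avgtray.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2562237476-906228576-2048124378-1008\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Most specific shapes first; the generic "moved"/"deleted" shapes come last.
LINE_PATTERNS = (
    ("deferred to reboot", re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("deleted",   re.compile(r"^ADS (?P<target>.+?) deleted successfully\.$")),
    ("deleted",   re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("not found", re.compile(r"^Registry (?:key|value) (?P<target>.+?) not found\.$")),
    ("not found", re.compile(r"^(?:File|Folder) (?P<target>.+?) not found\.$")),
    ("moved",     re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("deleted",   re.compile(r"^(?P<target>.+?) deleted successfully\.$")),
)

# Locations whose modification is worth re-checking after the reboot
# (assumed list; the labels are this example's own).
PERSISTENCE_PATTERNS = (
    ("autostart (Run key)",                re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("boot-time executable (BootExecute)", re.compile(r"\\Session manager\\\\BootExecute", re.I)),
    ("Winlogon notification package",      re.compile(r"\\Winlogon\\Notify\\", re.I)),
    ("browser helper object / toolbar",    re.compile(r"Browser Helper Objects|Internet Explorer\\Toolbar", re.I)),
    ("alternate data stream",              re.compile(r"^ADS ")),
    ("HOSTS file",                         re.compile(r"\\drivers\\etc\\hosts", re.I)),
)


def parse_line(line):
    """Return (outcome, target) for one OTL action line, or None for any other text."""
    line = line.strip()
    for outcome, pattern in LINE_PATTERNS:
        match = pattern.match(line)
        if match:
            return outcome, match.group("target")
    return None


def persistence_hits(line):
    """Labels of every persistence/redirection location the line refers to."""
    line = line.strip()
    return [label for label, pattern in PERSISTENCE_PATTERNS if pattern.search(line)]


def triage(log_text):
    """Tally outcomes, collect flagged actions in log order, note whether a reboot is pending."""
    counts = Counter()
    flagged = []  # (label, outcome, target)
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # headers, blank lines, [EMPTYTEMP] summaries and similar
        outcome, target = parsed
        counts[outcome] += 1
        for label in persistence_hits(raw):
            flagged.append((label, outcome, target))
    return {
        "counts": dict(counts),
        "flagged": flagged,
        "needs_reboot": counts["deferred to reboot"] > 0,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("outcomes:", report["counts"])
    print("reboot still pending:", report["needs_reboot"])
    for label, outcome, target in report["flagged"]:
        print(f"[{label}] {outcome}: {target}")
```

The flagged list is the short checklist to go through once the machine is back up: each Run value, BootExecute entry, Winlogon Notify key and HOSTS file that OTL touched should still be clean, and a "deferred to reboot" count above zero means the log does not yet show the final state.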


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:59 AM

Posted 05 July 2011 - 01:23 PM

Can you post the TDSSKiller log for me to review? It looks like you posted the RKU log instead of the TDSSKiller log. It can be found in your C:\ drive.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 HELP?!?!

HELP?!?!
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:59 AM

Posted 05 July 2011 - 10:55 PM

Sorry, here you go.

2011/07/04 17:46:52.0250 3156 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/04 17:46:53.0000 3156 ================================================================================
2011/07/04 17:46:53.0000 3156 SystemInfo:
2011/07/04 17:46:53.0000 3156
2011/07/04 17:46:53.0000 3156 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/04 17:46:53.0000 3156 Product type: Workstation
2011/07/04 17:46:53.0000 3156 ComputerName: KAELYN
2011/07/04 17:46:53.0031 3156 UserName: Compaq_Administrator
2011/07/04 17:46:53.0031 3156 Windows directory: C:\WINDOWS
2011/07/04 17:46:53.0031 3156 System windows directory: C:\WINDOWS
2011/07/04 17:46:53.0031 3156 Processor architecture: Intel x86
2011/07/04 17:46:53.0031 3156 Number of processors: 1
2011/07/04 17:46:53.0031 3156 Page size: 0x1000
2011/07/04 17:46:53.0031 3156 Boot type: Normal boot
2011/07/04 17:46:53.0031 3156 ================================================================================
2011/07/04 17:46:54.0062 3156 Initialize success
2011/07/04 17:47:16.0375 4092 ================================================================================
2011/07/04 17:47:16.0375 4092 Scan started
2011/07/04 17:47:16.0375 4092 Mode: Manual;
2011/07/04 17:47:16.0375 4092 ================================================================================
2011/07/04 17:47:16.0562 4092 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/04 17:47:16.0875 4092 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/04 17:47:16.0984 4092 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/04 17:47:17.0234 4092 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/04 17:47:17.0390 4092 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/04 17:47:17.0500 4092 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/07/04 17:47:17.0968 4092 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/07/04 17:47:18.0156 4092 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/04 17:47:18.0703 4092 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/04 17:47:18.0859 4092 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/04 17:47:18.0968 4092 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/04 17:47:19.0093 4092 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/04 17:47:19.0218 4092 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/04 17:47:19.0343 4092 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/04 17:47:19.0453 4092 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/04 17:47:19.0562 4092 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/04 17:47:19.0796 4092 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/04 17:47:19.0937 4092 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/04 17:47:20.0078 4092 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/07/04 17:47:20.0187 4092 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/04 17:47:20.0328 4092 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/04 17:47:20.0531 4092 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/04 17:47:20.0640 4092 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/04 17:47:20.0765 4092 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/04 17:47:21.0468 4092 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/04 17:47:21.0625 4092 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/04 17:47:21.0796 4092 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/04 17:47:21.0906 4092 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/04 17:47:22.0031 4092 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/04 17:47:22.0250 4092 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/04 17:47:22.0390 4092 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/04 17:47:22.0546 4092 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/04 17:47:22.0671 4092 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/04 17:47:22.0812 4092 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/04 17:47:22.0921 4092 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/04 17:47:23.0046 4092 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/04 17:47:23.0156 4092 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/04 17:47:23.0281 4092 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/07/04 17:47:23.0406 4092 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/04 17:47:23.0515 4092 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/04 17:47:23.0625 4092 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/04 17:47:23.0859 4092 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2011/07/04 17:47:24.0031 4092 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
2011/07/04 17:47:24.0312 4092 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/04 17:47:24.0593 4092 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/04 17:47:24.0718 4092 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/07/04 17:47:24.0890 4092 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/04 17:47:25.0312 4092 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/04 17:47:25.0531 4092 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/04 17:47:25.0765 4092 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/04 17:47:25.0937 4092 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/04 17:47:26.0046 4092 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/04 17:47:26.0171 4092 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/04 17:47:26.0281 4092 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/04 17:47:26.0406 4092 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/04 17:47:26.0531 4092 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/04 17:47:26.0656 4092 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/04 17:47:26.0796 4092 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/04 17:47:26.0921 4092 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/04 17:47:27.0171 4092 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/04 17:47:27.0296 4092 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/04 17:47:27.0421 4092 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/04 17:47:27.0531 4092 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/04 17:47:27.0640 4092 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/04 17:47:27.0859 4092 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/04 17:47:28.0000 4092 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/04 17:47:28.0140 4092 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/04 17:47:28.0328 4092 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/04 17:47:28.0453 4092 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/04 17:47:28.0562 4092 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/04 17:47:28.0703 4092 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/04 17:47:28.0812 4092 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/04 17:47:28.0921 4092 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/04 17:47:29.0031 4092 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/04 17:47:29.0156 4092 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/04 17:47:29.0265 4092 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/04 17:47:29.0390 4092 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/04 17:47:29.0500 4092 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/04 17:47:29.0640 4092 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/04 17:47:30.0015 4092 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/04 17:47:30.0140 4092 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/04 17:47:30.0265 4092 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/04 17:47:30.0390 4092 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/04 17:47:30.0593 4092 nv (ce58f42b11be20a47c3d8d2f38da254e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/04 17:47:30.0812 4092 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/04 17:47:30.0953 4092 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/04 17:47:31.0125 4092 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/04 17:47:31.0265 4092 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/04 17:47:31.0390 4092 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/04 17:47:31.0515 4092 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/04 17:47:31.0656 4092 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/04 17:47:31.0765 4092 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/04 17:47:31.0906 4092 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/04 17:47:32.0109 4092 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/04 17:47:32.0234 4092 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/04 17:47:32.0921 4092 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/04 17:47:33.0031 4092 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/04 17:47:33.0140 4092 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/07/04 17:47:33.0281 4092 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/04 17:47:33.0390 4092 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/04 17:47:33.0515 4092 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/04 17:47:34.0203 4092 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/04 17:47:34.0312 4092 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/04 17:47:34.0437 4092 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/04 17:47:34.0546 4092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/04 17:47:34.0671 4092 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/04 17:47:34.0781 4092 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/04 17:47:34.0906 4092 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/04 17:47:35.0046 4092 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/04 17:47:35.0171 4092 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/04 17:47:35.0468 4092 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/04 17:47:35.0578 4092 RTL8192su (7bfdf13721f0366212ab8e94361a05bd) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
2011/07/04 17:47:35.0765 4092 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/04 17:47:35.0875 4092 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/04 17:47:36.0000 4092 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/04 17:47:36.0375 4092 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/04 17:47:36.0609 4092 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/04 17:47:36.0828 4092 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/04 17:47:36.0953 4092 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/04 17:47:37.0062 4092 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/04 17:47:37.0531 4092 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/04 17:47:37.0687 4092 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/04 17:47:37.0843 4092 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/04 17:47:38.0015 4092 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/04 17:47:38.0125 4092 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/04 17:47:38.0359 4092 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/04 17:47:38.0593 4092 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/04 17:47:38.0781 4092 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/04 17:47:38.0906 4092 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/04 17:47:39.0015 4092 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/04 17:47:39.0156 4092 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/04 17:47:39.0343 4092 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/04 17:47:39.0468 4092 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/04 17:47:39.0593 4092 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/04 17:47:39.0718 4092 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/04 17:47:39.0843 4092 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/04 17:47:39.0984 4092 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/04 17:47:40.0125 4092 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/04 17:47:40.0343 4092 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/04 17:47:40.0546 4092 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/07/04 17:47:40.0765 4092 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
2011/07/04 17:47:40.0984 4092 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
2011/07/04 17:47:41.0046 4092 Boot (0x1200) (487ed811a12817003b6b500808121879) \Device\Harddisk0\DR0\Partition0
2011/07/04 17:47:41.0062 4092 Boot (0x1200) (aa6f6c4e4cc7a95ef89b2f32f8a368be) \Device\Harddisk0\DR0\Partition1
2011/07/04 17:47:41.0093 4092 ================================================================================
2011/07/04 17:47:41.0093 4092 Scan finished
2011/07/04 17:47:41.0093 4092 ================================================================================
2011/07/04 17:47:41.0125 4012 Detected object count: 0
2011/07/04 17:47:41.0125 4012 Actual detected object count: 0
2011/07/04 17:48:20.0812 1832 ================================================================================
2011/07/04 17:48:20.0812 1832 Scan started
2011/07/04 17:48:20.0812 1832 Mode: Manual;
2011/07/04 17:48:20.0812 1832 ================================================================================
2011/07/04 17:48:21.0109 1832 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/04 17:48:21.0484 1832 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/04 17:48:21.0640 1832 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/04 17:48:21.0875 1832 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/04 17:48:22.0000 1832 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/04 17:48:22.0125 1832 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/07/04 17:48:22.0640 1832 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/07/04 17:48:22.0843 1832 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/04 17:48:23.0406 1832 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/04 17:48:23.0515 1832 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/04 17:48:23.0625 1832 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/04 17:48:23.0781 1832 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/04 17:48:23.0906 1832 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/04 17:48:24.0015 1832 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/04 17:48:24.0140 1832 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/04 17:48:24.0250 1832 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/04 17:48:24.0468 1832 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/04 17:48:24.0640 1832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/04 17:48:24.0765 1832 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/07/04 17:48:24.0875 1832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/04 17:48:25.0000 1832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/04 17:48:25.0187 1832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/04 17:48:25.0296 1832 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/04 17:48:25.0421 1832 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/04 17:48:26.0250 1832 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/04 17:48:26.0390 1832 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/04 17:48:26.0500 1832 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/04 17:48:26.0609 1832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/04 17:48:26.0734 1832 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/04 17:48:26.0937 1832 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/04 17:48:27.0093 1832 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/04 17:48:27.0281 1832 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/04 17:48:27.0390 1832 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/04 17:48:27.0500 1832 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/04 17:48:27.0640 1832 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/04 17:48:27.0750 1832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/04 17:48:27.0859 1832 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/04 17:48:27.0968 1832 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/07/04 17:48:28.0093 1832 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/04 17:48:28.0250 1832 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/04 17:48:28.0359 1832 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/04 17:48:28.0593 1832 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2011/07/04 17:48:28.0718 1832 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
2011/07/04 17:48:28.0843 1832 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/04 17:48:29.0140 1832 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/04 17:48:29.0281 1832 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/07/04 17:48:29.0421 1832 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/04 17:48:29.0843 1832 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/04 17:48:30.0046 1832 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/04 17:48:30.0250 1832 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/04 17:48:30.0359 1832 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/04 17:48:30.0484 1832 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/04 17:48:30.0625 1832 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/04 17:48:30.0750 1832 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/04 17:48:30.0875 1832 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/04 17:48:30.0984 1832 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/04 17:48:31.0125 1832 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/04 17:48:31.0265 1832 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/04 17:48:31.0406 1832 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/04 17:48:31.0671 1832 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/04 17:48:31.0796 1832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/04 17:48:31.0906 1832 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/04 17:48:32.0015 1832 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/04 17:48:32.0140 1832 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/04 17:48:32.0343 1832 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/04 17:48:32.0484 1832 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/04 17:48:32.0625 1832 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/04 17:48:32.0796 1832 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/04 17:48:32.0906 1832 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/04 17:48:33.0000 1832 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/04 17:48:33.0109 1832 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/04 17:48:33.0218 1832 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/04 17:48:33.0328 1832 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/04 17:48:33.0437 1832 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/04 17:48:33.0562 1832 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/04 17:48:33.0671 1832 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/04 17:48:33.0828 1832 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/04 17:48:33.0953 1832 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/04 17:48:34.0109 1832 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/04 17:48:34.0265 1832 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/04 17:48:34.0375 1832 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/04 17:48:34.0515 1832 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/04 17:48:34.0656 1832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/04 17:48:34.0875 1832 nv (ce58f42b11be20a47c3d8d2f38da254e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/04 17:48:35.0109 1832 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/04 17:48:35.0218 1832 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/04 17:48:35.0343 1832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/04 17:48:35.0484 1832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/04 17:48:35.0609 1832 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/04 17:48:35.0734 1832 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/04 17:48:35.0906 1832 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/04 17:48:36.0093 1832 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/04 17:48:36.0343 1832 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/04 17:48:36.0578 1832 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/04 17:48:36.0718 1832 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/04 17:48:37.0640 1832 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/04 17:48:37.0812 1832 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/04 17:48:37.0968 1832 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/07/04 17:48:38.0125 1832 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/04 17:48:38.0265 1832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/04 17:48:38.0421 1832 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/04 17:48:39.0281 1832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/04 17:48:39.0437 1832 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/04 17:48:39.0609 1832 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/04 17:48:39.0843 1832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/04 17:48:39.0968 1832 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/04 17:48:40.0093 1832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/04 17:48:40.0218 1832 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/04 17:48:40.0406 1832 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/04 17:48:40.0671 1832 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/04 17:48:40.0843 1832 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/04 17:48:41.0015 1832 RTL8192su (7bfdf13721f0366212ab8e94361a05bd) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
2011/07/04 17:48:41.0296 1832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/04 17:48:41.0531 1832 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/04 17:48:41.0671 1832 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/04 17:48:42.0140 1832 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/04 17:48:42.0265 1832 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/04 17:48:42.0406 1832 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/04 17:48:42.0671 1832 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/04 17:48:42.0828 1832 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/04 17:48:43.0671 1832 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/04 17:48:43.0859 1832 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/04 17:48:43.0984 1832 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/04 17:48:44.0093 1832 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/04 17:48:44.0218 1832 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/04 17:48:44.0671 1832 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/04 17:48:44.0953 1832 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/04 17:48:45.0187 1832 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/04 17:48:45.0421 1832 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/04 17:48:45.0609 1832 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/04 17:48:45.0859 1832 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/04 17:48:46.0031 1832 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/04 17:48:46.0265 1832 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/04 17:48:46.0421 1832 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/04 17:48:46.0656 1832 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/04 17:48:46.0859 1832 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/04 17:48:46.0968 1832 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/04 17:48:47.0171 1832 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/04 17:48:47.0468 1832 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/04 17:48:47.0703 1832 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/07/04 17:48:47.0984 1832 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
2011/07/04 17:48:48.0125 1832 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
2011/07/04 17:48:48.0171 1832 Boot (0x1200) (487ed811a12817003b6b500808121879) \Device\Harddisk0\DR0\Partition0
2011/07/04 17:48:48.0234 1832 Boot (0x1200) (aa6f6c4e4cc7a95ef89b2f32f8a368be) \Device\Harddisk0\DR0\Partition1
2011/07/04 17:48:48.0250 1832 ================================================================================
2011/07/04 17:48:48.0250 1832 Scan finished
2011/07/04 17:48:48.0250 1832 ================================================================================
2011/07/04 17:48:48.0281 1736 Detected object count: 0
2011/07/04 17:48:48.0281 1736 Actual detected object count: 0
2011/07/04 17:49:12.0046 2248 Deinitialize success

#8 SweetTech

Posted 06 July 2011 - 03:41 PM

Hi!

No worries. I take it the redirects are still occurring? Are there any other computers in the household that are experiencing these redirects?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 HELP?!?!
  • Topic Starter

Posted 06 July 2011 - 10:15 PM

Hello! Thank the holy stars!! The redirecting has stopped and I think my computer is just about back to normal! Loading videos is a little slower than how it was before, but the problem has gotten a lot better to the point where it's only a very minor setback now. From the results I provided, is there anything else that I should do? For now, my computer seems back to normal.

#10 SweetTech

Posted 07 July 2011 - 08:42 AM

Hi!

That's great! Glad to hear that the redirects have stopped.

We'll run through some extra scans to see what they find:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#11 HELP?!?!
  • Topic Starter

Posted 08 July 2011 - 01:16 PM

Thank you for your advice and here are the results of the scans you wanted. Order (ESETscan, Security Check)

C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Compaq_Administrator\Desktop\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\eSnipsDownloader(3).exe Win32/Toolbar.Zugo application
C:\Documents and Settings\Compaq_Administrator\Start Menu\eBay.lnk Win32/Adware.ADON application
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application



Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Adobe Flash Player 10.3.181.34
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#12 SweetTech

Posted 08 July 2011 - 11:34 PM

Hi!

Thank you for your advice and here are the results of the scans you wanted. Order (ESETscan, Security Check)

No problem! Your logs are looking better. We still have some work to do though.

These threat(s) below will be removed very shortly:

C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Compaq_Administrator\Desktop\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\eSnipsDownloader(3).exe Win32/Toolbar.Zugo application
C:\Documents and Settings\Compaq_Administrator\Start Menu\eBay.lnk Win32/Adware.ADON application


____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
    C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}
    C:\Documents and Settings\Compaq_Administrator\Desktop\eBay.lnk
    C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\eSnipsDownloader(3).exe
    C:\Documents and Settings\Compaq_Administrator\Start Menu\eBay.lnk
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Update Windows XP
Service Pack 3 (SP3)
It would be in your best interest to install this service pack. This update includes all previously released updates for your system.
Microsoft advises that SP1 or SP1a needs to be installed before installing this update.
Attention: The SP3 download is very large! Based on your Internet connection... be prepared, it could take hours to download!!
Alternately, you could see if a friend or family member has the SP3 update on CD or order it from MS for a fee ... based on your location.

This will be a 2 step process...
The 1st step in this process is to apply Service Pack 3 (SP3) for Windows XP. This update includes security fixes to protect your computer.
The 2nd step is to apply all the critical updates and patches since SP3 was released.
Note: If at any time during these steps you experience problems with your computer, do not continue with the steps and post a description of the problem.
  • First
  • Obtain Windows XP Service Pack 3 from the Microsoft Download Center
  • Click the Download ...button. Choose "Save" at the prompt...and save the file to your desktop.
  • Double click the "WindowsXP-KB936929-SP3-x86-ENU.exe" file on your desktop to install the update.
    When the installation has completed successfully...
  • ! IMPORTANT ! reboot your computer (normally) before proceeding to the next step.
Second
  • Now...Go to: Windows Update and install the Critical Updates.
  • Press the "Express"...button to have all "critical" updates shown.
  • Make sure all critical updates and patches are checked for download and installation.
  • Press the Install Updates ... button to begin downloading and installing the updates
    After successfully installing the critical updates and patches...
  • ! IMPORTANT ! reboot your computer normally (again) before proceeding.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Edited by SweetTech, 08 July 2011 - 11:35 PM.

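Before running a fix like the OTL script above, it is worth confirming that every object the ESET scan flagged is actually addressed by the fix's :Files section, since a detection can be covered either by its own path or by a parent folder the fix removes. The Python script below is an added example for this thread, not code from OTL, ESET or any of the posts; it uses the ESET result lines and the OTL fix text posted in this thread as its sample input, and it assumes the line formats visible there (ESET: path, threat name, object type separated by spaces; OTL: one path per line under :Files, with lines ending in /c being commands rather than paths).

```python
"""Cross-check ESET Online Scanner detections against an OTL ":Files" fix.

Added example for this thread; not part of OTL, ESET or any post above.
Sample inputs are copied from the logs posted in the thread.  The parsing
rules are assumptions drawn from that posted output.
"""
import ntpath
from typing import Dict, List, Optional, Tuple

# ESET result lines exactly as posted in the thread (sample input).
ESET_RESULTS = r"""
C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Compaq_Administrator\Desktop\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\eSnipsDownloader(3).exe Win32/Toolbar.Zugo application
C:\Documents and Settings\Compaq_Administrator\Start Menu\eBay.lnk Win32/Adware.ADON application
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
"""

# The OTL fix script from the post above (sample input).
OTL_FIX = r"""
:Services
:OTL

:Reg

:Files
C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}
C:\Documents and Settings\Compaq_Administrator\Desktop\eBay.lnk
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\eSnipsDownloader(3).exe
C:\Documents and Settings\Compaq_Administrator\Start Menu\eBay.lnk
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
"""


def parse_eset(text: str) -> List[Tuple[str, str, str]]:
    """Split each ESET result line into (path, threat name, object type).

    Windows paths contain spaces, so split from the right: the last two
    tokens are the threat name and type, everything before them is the path.
    """
    rows = []
    for line in text.splitlines():
        parts = line.strip().rsplit(None, 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        rows.append((parts[0], parts[1], parts[2]))
    return rows


def parse_otl_files(text: str) -> List[str]:
    """Return the paths listed under the :Files section of an OTL fix.

    Section headers start with ':'.  Lines ending in ' /c' are commands
    OTL executes (e.g. ipconfig /flushdns) rather than files to move.
    """
    paths, in_files = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
            continue
        if in_files and line and not line.lower().endswith(" /c"):
            paths.append(line)
    return paths


def _norm(path: str) -> str:
    # Case-insensitive, separator-normalised form for comparison.
    return ntpath.normcase(ntpath.normpath(path))


def covering_entry(detection: str, fix_paths: List[str]) -> Optional[str]:
    """Return the fix entry that removes `detection`, or None.

    A detection is covered by an exact match or by a listed parent folder,
    because OTL moves a folder together with everything inside it.
    """
    det = _norm(detection)
    for fix_path in fix_paths:
        fixed = _norm(fix_path)
        if det == fixed or det.startswith(fixed + "\\"):
            return fix_path
    return None


def coverage_report(eset_text: str, otl_text: str) -> Dict[str, Optional[str]]:
    """Map every detected path to the fix entry covering it (None if none)."""
    fix_paths = parse_otl_files(otl_text)
    return {path: covering_entry(path, fix_paths)
            for path, _threat, _kind in parse_eset(eset_text)}


def uncovered(eset_text: str, otl_text: str) -> List[str]:
    """Detected paths the fix does not touch, in scan order."""
    return [p for p, entry in coverage_report(eset_text, otl_text).items()
            if entry is None]


if __name__ == "__main__":
    for path, entry in coverage_report(ESET_RESULTS, OTL_FIX).items():
        status = "covered by " + entry if entry else "NOT COVERED"
        print(status, "<-", path)
```

On the thread's own input the script reports the Firefox extension's chrome.manifest as covered by the folder entry in the fix, and lists the one path that appears in the ESET results but not under :Files. Whether such a leftover is handled another way is for the helper to decide; the script only makes the gap visible before the fix is run.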


#13 HELP?!?!
  • Topic Starter

Posted 11 July 2011 - 02:09 AM

Nothing is really wrong with my computer anymore, but I just want to make sure everything is alright and there isn't anything lying around still.
Here are the results and sorry for posting back so late. (OTL Fix, OTL scan)

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}\defaults folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3}\chrome folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ept0356f.default\extensions\{71180067-c403-4c09-9c96-008ab1ad91a3} folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\eBay.lnk moved successfully.
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\eSnipsDownloader(3).exe moved successfully.
C:\Documents and Settings\Compaq_Administrator\Start Menu\eBay.lnk moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.KAELYN
->Temp folder emptied: 8055751 bytes
->Temporary Internet Files folder emptied: 97022 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97003208 bytes
->Flash cache emptied: 4329 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11191280 bytes

Total Files Cleaned = 111.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.KAELYN
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07092011_073648

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Temp\IadHide5.dll moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




OTL logfile created on: 7/10/2011 8:54:25 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 382.09 Mb Available Physical Memory | 39.86% Memory free
2.26 Gb Paging File | 1.71 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.30 Gb Total Space | 2.45 Gb Free Space | 2.35% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 0.38 Gb Free Space | 5.15% Space Free | Partition Type: FAT32

Computer Name: KAELYN | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 01:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 01:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/03 22:25:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 18:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/05/10 22:27:38 | 005,607,080 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/05/10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe
PRC - [2011/05/10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe
PRC - [2011/05/10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/28 13:19:09 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 01:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/07/03 22:25:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 06:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/06/28 13:19:06 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/04 01:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/11 15:10:44 | 000,167,040 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/05/10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/05/10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe -- (SDMonitorService)
SRV - [2011/05/10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe -- (SDFirewallService)
SRV - [2011/05/10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 01:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 01:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 01:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 01:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 01:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 01:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 01:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2006/03/08 10:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 11:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 11:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 14:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 08:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 08:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 15:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 11:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 11:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 05:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/04 20:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 01:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/01 03:40:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/07/01 01:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/07/01 01:37:20 | 000,000,000 | ---D | M]

[2011/06/30 19:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Extensions
[2011/07/09 09:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Firefox\Profiles\38g9mrbs.default\extensions
[2011/07/03 21:08:27 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Firefox\Profiles\38g9mrbs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/07/09 09:08:41 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla\Firefox\Profiles\38g9mrbs.default\extensions\searchtoolbar@zugo.com
[2011/07/04 17:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/01 00:55:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/05/11 16:09:22 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) --
[2011/07/04 20:56:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/01 00:54:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 18:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/15 02:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/01 00:54:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/06 01:43:34 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/12/31 22:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/06/22 07:45:01 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml

O1 HOSTS File: ([2011/07/09 07:36:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 01:28:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sdnclean.exe) - C:\WINDOWS\System32\sdnclean.exe (Safer Networking Limited)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 01:33:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\IETldCache
[2011/07/10 01:09:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/07/10 01:06:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/10 00:28:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\UserData
[2011/07/09 14:52:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu\Programs\Accessories
[2011/07/09 14:51:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/09 10:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/07/09 10:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/09 10:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/09 10:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/09 09:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\FYZip
[2011/07/09 09:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FYZip
[2011/07/09 09:06:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu\Programs\Administrative Tools
[2011/07/07 23:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/04 22:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\GetRightToGo
[2011/07/04 18:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Malwarebytes
[2011/07/04 18:08:50 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/04 18:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/04 18:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/04 18:08:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/04 17:50:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 17:37:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/04 00:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu\Programs\Startup
[2011/07/03 21:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitComet
[2011/07/03 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\BitComet
[2011/07/02 09:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Sonic
[2011/07/02 09:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Leadertech
[2011/07/01 17:38:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/01 17:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/01 15:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Adobe
[2011/07/01 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\HPQ
[2011/07/01 08:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/07/01 03:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/01 03:45:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/01 03:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/07/01 01:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Apple Computer
[2011/07/01 01:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Apple
[2011/07/01 01:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/07/01 01:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Apple Computer
[2011/07/01 01:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Macromedia
[2011/07/01 01:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\TigerPlayer
[2011/07/01 00:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Sun
[2011/07/01 00:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/07/01 00:49:27 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/07/01 00:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/06/30 19:59:23 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/30 19:59:23 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 19:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/30 19:59:22 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/30 19:59:22 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/30 19:59:21 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/30 19:59:21 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/30 19:59:21 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/30 19:59:20 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/30 19:59:02 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/30 19:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/30 19:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/30 19:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads
[2011/06/30 19:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Mozilla
[2011/06/30 19:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Mozilla
[2011/06/30 19:22:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/30 19:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\MSNInstaller
[2011/06/30 19:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\InstallShield
[2011/06/30 12:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Symantec
[2011/06/30 12:15:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Recent
[2011/06/30 12:03:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft
[2011/06/30 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Real
[2011/06/30 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Intuit
[2011/06/30 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Identities
[2011/06/30 12:03:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data
[2011/06/30 12:03:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Favorites
[2011/06/30 12:03:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Cookies
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Wildtangent
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Microsoft
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\Google
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop
[2011/06/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\ApplicationHistory
[2011/06/30 12:03:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\SendTo
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\My Videos
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\My Pictures
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\My Music
[2011/06/30 12:03:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Templates
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\PrintHood
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\NetHood
[2011/06/30 12:03:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings
[2011/06/30 12:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\WINDOWS
[2011/06/30 12:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2011/06/30 11:11:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/10 19:14:52 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/10 18:48:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/10 18:44:41 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/10 18:44:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/10 18:44:20 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 01:34:10 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/10 01:33:30 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 01:26:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/10 00:36:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/09 14:54:49 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/09 14:54:49 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/09 14:52:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/09 10:32:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/09 07:36:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/04 20:56:01 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 18:08:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 01:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 01:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 01:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 01:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 01:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 01:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 01:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 01:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 01:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 01:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 22:24:02 | 000,031,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\Rootkit Unhooker Report
[2011/07/03 21:08:22 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2011/07/03 20:19:13 | 000,003,649 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2011/07/03 13:55:12 | 011,316,509 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Aobozu - Hoshi no Sumika.mp3
[2011/07/02 09:47:21 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/02 09:23:29 | 006,369,621 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Gara Gara GO!! (korean ver.).mp3
[2011/07/02 09:22:30 | 002,954,585 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Top Of The World.mp3
[2011/07/02 09:21:59 | 009,052,504 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Seungri (Big Bang) - VVIP.MP3
[2011/07/02 09:21:57 | 005,978,629 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\SeungRi (Of Big Bang) - Strong Baby.mp3
[2011/07/02 09:19:17 | 005,502,975 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\BIG BANG - Lies.mp3
[2011/07/02 09:18:36 | 008,826,880 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Tonight.mp3
[2011/07/02 09:11:37 | 009,201,637 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\1. C.N Blue - Love.mp3
[2011/07/02 09:05:07 | 007,957,070 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - thank you (a.ri.ga.tou.).mp3
[2011/07/02 09:02:04 | 003,563,134 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE Tattoo.mp3
[2011/07/02 09:01:22 | 003,177,357 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBlue - Just Please.mp3
[2011/07/02 09:00:46 | 008,820,736 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE_Alone.mp3
[2011/07/02 08:59:33 | 007,729,152 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Love Light - CNBLUE.mp3
[2011/07/02 08:58:41 | 007,736,028 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE- Sweet Holiday.mp3
[2011/07/02 08:56:17 | 007,917,057 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\02. CNBlue - Bluetory - Love Revolution.mp3
[2011/07/02 08:53:59 | 002,616,824 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - I'm A Loner.mp3
[2011/07/02 08:51:48 | 009,281,297 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N.BLUE - Lie.mp3
[2011/07/02 08:47:54 | 003,663,070 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N Blue - The Way -One Time-.mp3
[2011/07/02 08:46:14 | 005,109,583 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN BLUE - Love Girl.mp3
[2011/07/01 19:10:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 03:45:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/07/01 01:39:52 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/01 01:37:05 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/01 01:21:34 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2011/07/01 01:21:34 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/07/01 01:18:19 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/01 00:49:27 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/06/30 19:59:24 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/30 19:56:34 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\SpywareBlaster.lnk
[2011/06/30 19:28:20 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/30 19:28:20 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/30 19:19:00 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2011/06/30 19:19:00 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2011/06/30 12:14:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2011/06/30 12:12:11 | 000,001,835 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX319AA-ABA SR1922X NA670_YC_0Pres_QMXF626_E63NAprREA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M959_J120_7AMD_8Athlon 64_92.2_#060809_N_Z14F12F20_G10DE0241.MRK
[2011/06/30 12:01:25 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/30 12:00:29 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2011/06/29 22:28:16 | 002,762,724 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\iTunes Music Library.xml
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/09 14:52:32 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu\Programs\Outlook Express.lnk
[2011/07/09 14:52:29 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Start Menu\Programs\Internet Explorer.lnk
[2011/07/09 14:52:28 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/09 10:32:55 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/07/09 10:32:54 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/07/09 10:32:52 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/07/04 18:08:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/03 22:24:01 | 000,031,692 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\Rootkit Unhooker Report
[2011/07/03 14:04:50 | 011,316,509 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Aobozu - Hoshi no Sumika.mp3
[2011/07/02 09:47:21 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/02 09:33:33 | 007,309,479 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\2-08 - Asia Engineer - Eternal Pose.mp3
[2011/07/02 09:33:33 | 003,490,849 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\UVERworld-Core Pride.mp3
[2011/07/02 09:33:32 | 009,310,371 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Tomofumi Tanizawa - Soufuu.mp3
[2011/07/02 09:25:52 | 003,563,134 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE Tattoo.mp3
[2011/07/02 09:25:52 | 003,177,357 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBlue - Just Please.mp3
[2011/07/02 09:25:47 | 007,957,070 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - thank you (a.ri.ga.tou.).mp3
[2011/07/02 09:25:45 | 009,201,637 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\1. C.N Blue - Love.mp3
[2011/07/02 09:25:41 | 008,826,880 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Tonight.mp3
[2011/07/02 09:25:38 | 005,978,629 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\SeungRi (Of Big Bang) - Strong Baby.mp3
[2011/07/02 09:25:38 | 005,502,975 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\BIG BANG - Lies.mp3
[2011/07/02 09:25:35 | 009,052,504 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Seungri (Big Bang) - VVIP.MP3
[2011/07/02 09:25:34 | 002,954,585 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Top Of The World.mp3
[2011/07/02 09:25:32 | 006,369,621 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Big Bang - Gara Gara GO!! (korean ver.).mp3
[2011/07/02 09:25:30 | 005,109,583 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN BLUE - Love Girl.mp3
[2011/07/02 09:25:29 | 003,663,070 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N Blue - The Way -One Time-.mp3
[2011/07/02 09:25:16 | 009,281,297 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\C.N.BLUE - Lie.mp3
[2011/07/02 09:25:13 | 002,616,824 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE - I'm A Loner.mp3
[2011/07/02 09:25:11 | 007,917,057 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\02. CNBlue - Bluetory - Love Revolution.mp3
[2011/07/02 09:25:09 | 007,736,028 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE- Sweet Holiday.mp3
[2011/07/02 09:25:06 | 007,729,152 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Love Light - CNBLUE.mp3
[2011/07/02 09:25:05 | 008,820,736 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CNBLUE_Alone.mp3
[2011/07/01 08:03:38 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/01 01:36:21 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 01:21:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/07/01 01:18:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/01 01:18:19 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/01 00:49:27 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/07/01 00:49:27 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/06/30 19:56:34 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\SpywareBlaster.lnk
[2011/06/30 19:28:20 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/30 19:18:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2011/06/30 19:18:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/06/30 19:18:59 | 000,010,667 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.cat
[2011/06/30 19:18:59 | 000,001,593 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.inf
[2011/06/30 12:14:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2011/06/30 12:12:08 | 000,001,835 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX319AA-ABA SR1922X NA670_YC_0Pres_QMXF626_E63NAprREA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M959_J120_7AMD_8Athlon 64_92.2_#060809_N_Z14F12F20_G10DE0241.MRK
[2011/06/30 12:12:07 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/30 12:03:15 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2011/06/30 12:03:15 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/06/30 12:03:15 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
[2011/06/30 12:03:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/30 12:01:16 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2011/06/30 12:01:16 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Browser.lnk
[2011/06/29 22:26:54 | 002,762,724 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Desktop\iTunes Music Library.xml
[2010/08/15 07:49:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/03/26 11:05:16 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/31 08:25:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/26 20:12:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/06 09:00:58 | 000,032,705 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/01/18 11:52:48 | 000,102,032 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2007/01/18 11:52:48 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/12/08 09:10:53 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/22 18:18:01 | 000,000,043 | ---- | C] () -- C:\WINDOWS\twinnt30.ini
[2006/08/09 12:36:57 | 000,102,032 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/09 12:36:57 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/06/28 13:49:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/28 13:24:22 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/28 13:19:07 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/06/28 13:18:04 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/06/28 13:18:04 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/06/28 13:17:56 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/28 13:17:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/28 13:15:15 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/28 13:14:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/28 13:00:38 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/28 12:59:01 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/06/28 12:59:01 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/28 12:53:59 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/28 12:52:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/28 12:49:18 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/28 12:49:18 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/28 12:49:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/28 12:49:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/28 12:49:17 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/28 12:49:17 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/28 12:49:17 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/28 12:49:17 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/28 12:49:17 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/28 12:49:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/28 12:49:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/28 12:47:03 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/28 12:30:30 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/28 12:30:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/28 12:30:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 14:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 01:45:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 01:33:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 01:33:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 01:31:56 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 01:28:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 01:26:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 12:04:22 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 12:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/03/25 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/30 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/01 01:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/06/29 21:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boxtools
[2011/07/01 17:38:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/09 17:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2011/04/09 17:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link Toolbar
[2010/12/18 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/07/04 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/08/18 07:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MuvEnum
[2011/07/01 01:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oK31001LpPgK31001
[2008/11/07 00:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/06 01:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/21 10:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soft Solutions
[2011/07/01 00:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/31 17:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/07/15 03:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/26 11:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/17 04:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/03 23:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\BitComet
[2011/07/04 22:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\GetRightToGo
[2011/07/02 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\Leadertech
[2011/06/30 19:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\MSNInstaller
[2011/07/01 01:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.KAELYN\Application Data\TigerPlayer
[2011/07/01 01:21:34 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2011/07/10 18:48:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 18:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 18:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 18:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 18:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 18:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 18:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 02:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 02:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 02:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 22:02:36 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 22:02:36 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 22:02:36 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-10 06:24:06

========== Files - Unicode (All) ==========
[2011/07/02 09:25:24 | 005,423,356 | R--- | C] ()(C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition ??.mp3) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition 직감.mp3
[2011/07/02 08:51:27 | 005,423,356 | R--- | M] ()(C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition ??.mp3) -- C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\CN.BLUE - Intuition 직감.mp3

< End of report >

#14 SweetTech

SweetTech (Agent ST)
  • Members
  • 13,421 posts
  • Location: Antarctica

Posted 11 July 2011 - 11:42 AM

Hi!

I just see a few more things that we need to address, and then we should be able to clean up our tools in the next reply.

OTL Fix

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\oK31001LpPgK31001
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 HELP?!?!

HELP?!?! (Topic Starter)
  • Members
  • 14 posts

Posted 13 July 2011 - 11:33 AM

Thanks again for your help. Here is the report (OTL Fix)!

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\oK31001LpPgK31001 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator.KAELYN\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.KAELYN
->Temp folder emptied: 3013926 bytes
->Temporary Internet Files folder emptied: 4414221 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 115370882 bytes
->Flash cache emptied: 3400 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 58312688 bytes

Total Files Cleaned = 173.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.KAELYN
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07132011_062612



