Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

js:Downloader-AQX [Trj] and PUP win32 PuP-gen


  • This topic is locked This topic is locked
71 replies to this topic

#1 Discombobulated_lol

Discombobulated_lol

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 19 July 2011 - 02:56 PM

I saw a topic last night and notice someone said they did a Boot scan , so i thought thats a Great idea considering i couldn't seem to fine this damn thing on my computer making it run outa hand and Cpu running from 2% to 60% and 80% and clipping at %100 then back to 18% and 50

i knew something was up so i did a boot scan with Avast this morning that took about 2 1/2 hours and first thing it found was a js:Downloader-AQX[Trj] and somekinda PUPwin32 PuP-gen inside i think Documents and settings , i couldn't seem to find where i can get a Log from Avast , or where it put it at all but i did select Delete while it was scanning in Boot scan

My question is is it really Gone? from what i remember in the Malware removal section here on bleeping-computer , it stated a few more steps that are going to be done but i need to know Exactly what those steps are

Yes im Backed up , defogger is on , avast should already be disabled considering i can only get online in safemode (with networking) only :(
if you need a log , i did down load RSIT ,WILL BE IN MY NEXT POST

Please if you can Help i would appreciate it ...And i know you guys get busy so take your time ok :)

BC AdBot (Login to Remove)

 


#2 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 19 July 2011 - 03:04 PM

Logfile of random's system information tool 1.09 (written by random/random)
Run by Chris at 2011-07-19 15:31:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (52%) free of 57 GB
Total RAM: 495 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:24 PM, on 7/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Documents and Settings\Chris\My Documents\Shank1\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: ooVoo Toolbar - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: ooVoo Toolbar - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Chris\My Documents\Downloads\Propellerhead Reason 5\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\TP-LINK\QSS\jswtrayutil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3 101\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Documents and Settings\Chris\My Documents\Shank1\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Documents and Settings\Chris\My Documents\Shank1\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3 101\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3 101\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3 101\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3 101\spictrl.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292358310378
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JumpStart Push-Button Service (jswpbapi) - Wireless - C:\Program Files\TP-LINK\QSS\jswpbapi.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - wireless - C:\Program Files\TP-LINK\QSS\jswpsapi.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10347 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\expressripDowngrade.job
C:\WINDOWS\tasks\expressripShakeIcon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-937844147-3795378766-2985934344-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-937844147-3795378766-2985934344-1006UA.job
C:\WINDOWS\tasks\mixpadShakeIcon.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\switchDowngrade.job
C:\WINDOWS\tasks\switchShakeIcon.job
C:\WINDOWS\tasks\tonegenShakeIcon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{679BD00C-1B74-477D-B31A-CF1E7C5A091D}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{78833E0A-558B-4F0E-B7F6-83CB7FA6DFAF}.job
C:\WINDOWS\tasks\wavepadDowngrade.job
C:\WINDOWS\tasks\wavepadShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
MediaBar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Documents and Settings\Chris\My Documents\Shank1\KeyScrambler\KeyScramblerIE.dll [2010-10-13 796192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
ooVoo Toolbar - C:\Program Files\oovootoolbar\oovootoolbarX.dll [2011-03-31 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]
Search Toolbar - C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08 271024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{9D425283-D487-4337-BAB6-AB8354A81457} - Search Toolbar - C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08 271024]
{28387537-e3f9-4ed7-860c-11e69af4a8a0} -
{59c6f12b-f004-43e5-9997-08f2123119b6} - ooVoo Toolbar - C:\Program Files\oovootoolbar\oovootoolbarX.dll [2011-03-31 81920]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-01-26 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-01-26 118784]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]
"SigmaTel StacMon"=C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe [2003-08-03 86073]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-02 172032]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-18 88363]
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2004-02-25 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TFncKy"=TFncKy.exe []
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-12-02 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-03-03 278528]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-02-03 1089589]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-03-02 135168]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"Pinger"=C:\TOSHIBA\IVP\ISM\pinger.exe [2005-03-17 151552]
"PRONoMgr.exe"=c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-02-14 1230704]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"PWRISOVM.EXE"=C:\Documents and Settings\Chris\My Documents\Downloads\Propellerhead Reason 5\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"jswtrayutil"=C:\Program Files\TP-LINK\QSS\jswtrayutil.exe [2009-09-24 32871]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2010-11-04 6174008]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3 101\AWC.exe [2010-09-28 2407632]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-01-26 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Logitech\Vid HD\Vid.exe"="C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD"
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Disabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\TOSHIBA\ConfigFree\CFSServW.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFSServW.exe:*:Disabled:ConfigFree™ Search for Wireless Devices Version 4.50"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"msacm.vorbis"=vorbis.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2011-07-17 18:44:09 ----D---- C:\Program Files\trend micro
2011-07-17 18:44:08 ----D---- C:\rsit
2011-07-16 18:35:54 ----D---- C:\Program Files\Cobian Backup 10
2011-07-16 11:25:31 ----D---- C:\Program Files\Cobian Backup 8
2011-07-13 19:10:57 ----HD---- C:\WINDOWS\msdownld.tmp
2011-07-13 12:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 12:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-12 17:56:39 ----A---- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests Uninstall Log.txt
2011-07-11 03:57:37 ----D---- C:\Program Files\IK Multimedia
2011-07-11 03:56:25 ----D---- C:\Documents and Settings\Chris\Application Data\InstallShield
2011-07-10 13:14:42 ----N---- C:\WINDOWS\system32\SET145.tmp
2011-07-10 13:12:08 ----D---- C:\Program Files\Ask.com
2011-07-10 13:12:08 ----D---- C:\Firefox
2011-07-10 13:10:22 ----D---- C:\Program Files\ManyCam
2011-07-08 03:31:12 ----D---- C:\Documents and Settings\Chris\Application Data\GetRight
2011-07-08 03:30:38 ----D---- C:\Program Files\GetRight
2011-07-01 15:53:58 ----A---- C:\WINDOWS\system32\javaws.exe
2011-07-01 15:53:58 ----A---- C:\WINDOWS\system32\javaw.exe
2011-07-01 15:53:58 ----A---- C:\WINDOWS\system32\java.exe
2011-06-30 00:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-19 15:04:08 ----AC---- C:\WINDOWS\ntbtlog.txt
2011-07-19 15:01:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-19 15:01:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-19 14:48:17 ----D---- C:\WINDOWS\Prefetch
2011-07-19 14:48:12 ----D---- C:\WINDOWS\Temp
2011-07-19 13:46:53 ----D---- C:\Documents and Settings\Chris\Application Data\PriceGong
2011-07-19 10:30:34 ----D---- C:\WINDOWS
2011-07-19 06:02:06 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2011-07-19 02:17:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-19 00:18:55 ----SHD---- C:\System Volume Information
2011-07-19 00:18:55 ----D---- C:\WINDOWS\system32\Restore
2011-07-18 16:44:12 ----D---- C:\WINDOWS\system32
2011-07-17 18:44:09 ----RD---- C:\Program Files
2011-07-17 18:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2011-07-17 15:51:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-15 19:03:43 ----D---- C:\WINDOWS\system32\drivers
2011-07-15 16:46:47 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-15 16:46:32 ----HD---- C:\WINDOWS\inf
2011-07-13 13:35:44 ----RASH---- C:\boot.ini
2011-07-13 12:00:25 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 12:00:12 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 11:41:37 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 19:33:57 ----D---- C:\Documents and Settings\Chris\Application Data\IObit
2011-07-12 19:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-07-11 04:00:06 ----SHD---- C:\WINDOWS\Installer
2011-07-11 04:00:06 ----SHD---- C:\Config.Msi
2011-07-11 03:59:48 ----SD---- C:\Documents and Settings\Chris\Application Data\Microsoft
2011-07-11 03:59:47 ----D---- C:\Program Files\QuickTime
2011-07-11 03:58:20 ----D---- C:\Program Files\VstPlugins
2011-07-11 02:20:23 ----D---- C:\Documents and Settings\Chris\Application Data\uTorrent
2011-07-10 14:59:17 ----D---- C:\Documents and Settings\Chris\Application Data\ManyCam
2011-07-10 13:13:12 ----SD---- C:\WINDOWS\Tasks
2011-07-04 07:43:51 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-02 04:53:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-01 15:54:38 ----D---- C:\Program Files\Common Files\Java
2011-07-01 15:53:51 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [2003-08-07 9216]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2010-08-12 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2010-08-12 9200]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-12-10 100153]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-04 1714176]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-12-29 153088]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2009-09-21 57440]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-04-07 8552]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
S2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2009-07-04 14037]
S2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
S2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
S2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
S2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []
S2 tossmbnt;tossmbnt; C:\WINDOWS\system32\drivers\tossmbnt.sys [2002-04-06 19607]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-26 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-26 99002]
S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2004-01-26 33847]
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-12-20 1164576]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-04-18 380160]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-01-26 95579]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech Webcam 250(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2003-07-17 230416]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
S2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672]
S2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
S2 jswpbapi;JumpStart Push-Button Service; C:\Program Files\TP-LINK\QSS\jswpbapi.exe [2009-09-21 188416]
S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i C:\ComboFix\HIDEC.exe C:\ComboFix\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
S2 Swupdtmr;Swupdtmr; c:\Toshiba\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]
S2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup; C:\Program Files\TP-LINK\QSS\jswpsapi.exe [2009-09-21 360529]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:17 AM

Posted 20 July 2011 - 08:01 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#4 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 20 July 2011 - 06:15 PM

OTL logfile created on: 7/20/2011 7:06:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.80 Mb Total Physical Memory | 267.26 Mb Available Physical Memory | 54.01% Memory free
1.90 Gb Paging File | 1.64 Gb Available in Paging File | 86.11% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 29.07 Gb Free Space | 52.01% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TOSHIBA-USER | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 18:51:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2011/06/30 09:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/16 19:47:42 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 18:51:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/07 04:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/21 10:48:12 | 000,360,529 | ---- | M] (wireless) [On_Demand | Stopped] -- C:\Program Files\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi)
SRV - [2009/09/21 10:48:10 | 000,188,416 | ---- | M] (Wireless) [Auto | Stopped] -- C:\Program Files\TP-LINK\QSS\jswpbapi.exe -- (jswpbapi)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/03/04 19:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/12/16 19:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 19:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 00:07:46 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2010/08/12 00:07:46 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/11 11:03:56 | 000,114,952 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/01/04 19:31:32 | 001,714,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 04:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 04:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/09/21 10:48:10 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2009/07/04 16:42:53 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2004/04/18 19:45:08 | 000,380,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/04/07 14:35:56 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/01/26 22:03:20 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/15 13:20:18 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2003/07/17 20:19:32 | 000,230,416 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/10/01 12:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Chris\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/08 17:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/08 17:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2011/03/28 12:57:57 | 000,431,392 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14851 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - Reg Error: Value error. File not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Documents and Settings\Chris\My Documents\Shank1\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\TP-LINK\QSS\jswtrayutil.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Chris\My Documents\Downloads\Propellerhead Reason 5\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3 101\AWC.exe (IObit)
O4 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Documents and Settings\Chris\My Documents\Shank1\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\IObit\Advanced SystemCare 3 101\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\IObit\Advanced SystemCare 3 101\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\IObit\Advanced SystemCare 3 101\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\IObit\Advanced SystemCare 3 101\SPICtrl.dll (IObit)
O15 - HKU\S-1-5-21-937844147-3795378766-2985934344-1006\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292358310378 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/07 13:19:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bc5762c0-8343-11df-866a-000e3536ec63}\Shell - "" = AutoRun
O33 - MountPoints2\{bc5762c0-8343-11df-866a-000e3536ec63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc5762c0-8343-11df-866a-000e3536ec63}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 18:51:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/07/20 12:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[2011/07/20 12:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/20 12:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\SUPERAntiSpyware
[2011/07/20 12:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/20 12:12:24 | 011,614,480 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Chris\Desktop\SUPERAntiSpyware.exe
[2011/07/19 22:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Autoruns
[2011/07/19 06:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\T-RackS 3 Mastered 1
[2011/07/18 17:22:17 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\dotNetFx40_Full_setup.exe
[2011/07/17 18:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/07/17 18:44:08 | 000,000,000 | ---D | C] -- C:\rsit
[2011/07/16 18:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Safe mirror
[2011/07/16 18:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/07/16 18:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/07/16 11:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 8
[2011/07/16 11:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2011/07/16 11:24:07 | 008,499,200 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Chris\Desktop\cbSetup8.exe
[2011/07/16 05:15:46 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Documents and Settings\Chris\Desktop\cbSetup.exe
[2011/07/14 13:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\bluescreenview
[2011/07/13 08:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\FlBackup
[2011/07/12 14:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Korg_Legacy_Collection
[2011/07/11 03:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IK Multimedia
[2011/07/11 03:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2011/07/11 03:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
[2011/07/11 01:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\New Folder (4)
[2011/07/11 01:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\words of wizdom
[2011/07/10 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\ManyCam
[2011/07/10 13:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ManyCam
[2011/07/10 13:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\AskToolbar
[2011/07/10 13:12:08 | 000,000,000 | ---D | C] -- C:\Firefox
[2011/07/10 13:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/10 13:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2011/07/08 07:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\virtual piano
[2011/07/08 05:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Blue
[2011/07/08 05:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\poizone_install
[2011/07/08 03:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\GetRight
[2011/07/08 03:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GetRight
[2011/07/08 03:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight
[2011/07/06 07:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\New Folder (2)
[2011/07/01 15:53:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/01 15:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/01 15:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/30 08:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\pling
[2011/06/28 05:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\acrobatics_alieno_109
[2011/06/28 03:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Synth1V108a
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 19:04:03 | 000,130,604 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\RKUnhookerLE.zip
[2011/07/20 18:51:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2011/07/20 12:20:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/20 12:12:24 | 011,614,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Chris\Desktop\SUPERAntiSpyware.exe
[2011/07/20 09:37:39 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\unhide.exe
[2011/07/20 06:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/20 06:29:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-937844147-3795378766-2985934344-1006UA.job
[2011/07/20 06:27:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{78833E0A-558B-4F0E-B7F6-83CB7FA6DFAF}.job
[2011/07/20 06:26:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{679BD00C-1B74-477D-B31A-CF1E7C5A091D}.job
[2011/07/20 05:34:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 05:01:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/20 04:43:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/19 22:40:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/19 21:50:30 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Autoruns.zip
[2011/07/19 15:28:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\defogger_reenable
[2011/07/19 06:02:06 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2011/07/19 06:02:06 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2011/07/19 06:02:06 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2011/07/19 05:30:01 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 02:29:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-937844147-3795378766-2985934344-1006Core.job
[2011/07/18 17:37:06 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Microsoft Fix it.url
[2011/07/18 17:22:26 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chris\Desktop\dotNetFx40_Full_setup.exe
[2011/07/18 06:50:39 | 000,294,195 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.zip
[2011/07/18 00:28:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2011/07/17 16:48:15 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\RSIT.exe
[2011/07/16 11:24:08 | 008,499,200 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Chris\Desktop\cbSetup8.exe
[2011/07/16 05:15:46 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Documents and Settings\Chris\Desktop\cbSetup.exe
[2011/07/15 19:03:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 13:36:00 | 000,060,184 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\bluescreenview.zip
[2011/07/14 00:29:34 | 000,375,987 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MiniToolBox.exe
[2011/07/13 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/13 13:35:44 | 000,000,361 | RHS- | M] () -- C:\boot.ini
[2011/07/13 12:06:27 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 12:00:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 08:48:33 | 549,224,650 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FlBackup.zip
[2011/07/11 03:59:48 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/07/11 03:59:48 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/11 03:55:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 01:56:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/07/10 13:16:33 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ManyCam.lnk
[2011/07/08 05:03:57 | 003,088,207 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\virtual piano.rar
[2011/07/08 04:20:20 | 003,301,581 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\poizone_install.rar
[2011/07/08 03:49:52 | 004,008,839 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Blue.rar
[2011/07/07 13:54:50 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/07 06:28:59 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/28 05:14:34 | 009,138,397 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\acrobatics_alieno_109.zip
[2011/06/28 03:42:49 | 000,397,699 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Synth1V108a.zip
[2011/06/25 12:40:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 19:03:59 | 000,130,604 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\RKUnhookerLE.zip
[2011/07/20 12:20:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/20 09:37:34 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\unhide.exe
[2011/07/19 21:50:30 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Autoruns.zip
[2011/07/19 15:28:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\defogger_reenable
[2011/07/18 17:22:39 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Microsoft Fix it.url
[2011/07/18 06:50:39 | 000,294,195 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\gmer.zip
[2011/07/18 00:28:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2011/07/17 16:48:09 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\RSIT.exe
[2011/07/14 13:35:59 | 000,060,184 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\bluescreenview.zip
[2011/07/14 00:29:31 | 000,375,987 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\MiniToolBox.exe
[2011/07/13 18:33:15 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{679BD00C-1B74-477D-B31A-CF1E7C5A091D}.job
[2011/07/13 08:44:46 | 549,224,650 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\FlBackup.zip
[2011/07/11 03:59:48 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/07/11 03:59:48 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/11 03:57:58 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\T-RackS 3.lnk
[2011/07/10 13:16:33 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ManyCam.lnk
[2011/07/10 13:13:12 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/08 07:31:49 | 003,088,207 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\virtual piano.rar
[2011/07/08 05:58:52 | 004,008,839 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Blue.rar
[2011/07/08 05:50:56 | 003,301,581 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\poizone_install.rar
[2011/07/07 06:28:58 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/06/28 05:23:14 | 009,138,397 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\acrobatics_alieno_109.zip
[2011/06/28 03:44:54 | 000,397,699 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Synth1V108a.zip
[2011/06/12 16:39:37 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DelDir.EXE
[2011/05/04 06:02:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 06:02:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 06:02:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 06:02:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 06:02:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/30 15:27:10 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2011/03/30 15:27:10 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2011/02/01 15:52:12 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 08:21:22 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/06 07:27:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/04/26 01:06:08 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/03/30 05:21:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/02/22 20:53:39 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/07 04:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 04:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/07/12 06:05:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2009/07/08 15:54:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/04/27 16:30:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/27 15:51:47 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2004/04/27 15:51:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2004/04/27 15:51:47 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe
[2004/04/07 18:40:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2004/04/07 17:54:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/04/07 17:54:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/04/07 17:54:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/04/07 17:54:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/04/07 17:54:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/04/07 17:54:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/04/07 17:37:05 | 000,000,894 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/07 17:23:27 | 000,000,475 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/07 17:19:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/07 17:11:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/04/07 16:55:31 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/04/07 15:21:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/04/07 15:13:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/04/07 15:13:32 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/04/07 15:09:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/04/07 15:04:44 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/04/07 15:04:44 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/04/07 15:04:44 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/04/07 15:04:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/04/07 14:49:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/04/07 14:34:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/07 13:27:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/07 13:23:40 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/07 13:22:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/07 13:17:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/07 12:52:40 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/04/07 12:47:09 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/04/07 12:47:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/04/07 12:47:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/04/07 12:47:08 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/04/07 12:47:04 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/04/07 12:47:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/04/07 12:46:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/07 12:46:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/04/07 12:46:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/04/07 12:46:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/04/07 12:45:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/07 06:11:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/07 06:10:24 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/17 15:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 15:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/06 05:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll

< End of report >




#5 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 20 July 2011 - 08:06 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5F80000 C:\WINDOWS\System32\DRIVERS\w22n51.sys 1650688 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xF5D8A000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
0xF75C5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF073000 C:\WINDOWS\System32\ialmdd5.DLL 507904 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xECE99000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xECF95000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5D04000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xED554000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB575E000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xECF09000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xB5475000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5ECB000 C:\WINDOWS\system32\drivers\stac97.sys 233472 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 200704 bytes (Intel Corporation, Component GHAL Driver)
0xF76EF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB5BBD000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7598000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xED005000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xED52C000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF5F5A000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xED084000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5EA7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6113000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5F04000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xED4E2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xED0AA000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF7669000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF76A1000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEDC4D000 C:\WINDOWS\system32\drivers\ialmsbw.sys 122880 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF76C0000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF5F3F000 C:\WINDOWS\System32\drivers\keyscrambler.sys 110592 bytes (QFX Software Corporation, KeyScrambler Keyboard Encryption Driver)
0xF757E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEDC6B000 C:\WINDOWS\system32\drivers\ialmkchw.sys 102400 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF5F27000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 98304 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF7689000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF614B000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 98304 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB5EE2000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7652000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xED5EB000 C:\WINDOWS\System32\Drivers\meiudf.sys 94208 bytes (Matsubleepa Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF5D73000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5B80000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6137000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xED5C7000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF76DE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5D62000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xED5DA000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF786E000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF774E000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF788E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78AE000 C:\WINDOWS\system32\DRIVERS\jswscimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xF787E000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA44C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF795E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF775E000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF61C3000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF779E000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF784E000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF78CE000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF777E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF78EE000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF6173000 C:\WINDOWS\system32\drivers\wA301a.sys 49152 bytes (Intel Corporation, Ch7009 Minidriver)
0xF782E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF785E000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF776E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF78DE000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF773E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF793E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77AE000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF790E000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF797E000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xB5636000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF778E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF789E000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF78FE000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF61E3000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF783E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7AAE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B2E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A96000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB9DF8000 C:\WINDOWS\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xF79BE000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7A36000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7A9E000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7AB6000 C:\WINDOWS\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)
0xF7AA6000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A56000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7A8E000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B1E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B36000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xECDAE000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xF7B26000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF79C6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7AC6000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7ACE000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7ABE000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB69DC000 C:\WINDOWS\System32\Drivers\tossmbnt.SYS 20480 bytes
0xB634A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7B56000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF6B76000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB7DDB000 C:\WINDOWS\System32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7BEE000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB7DD3000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xED12F000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7B4E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7B52000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xECBC5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6B72000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7DCF000 C:\WINDOWS\System32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF6B86000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF7C2A000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8103000 C:\WINDOWS\System32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF7B5A000 TVALZ.SYS 12288 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0xF7C2E000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7C96000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF7C9C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7C9A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7C42000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7C3E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7C9E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7CA0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7C8A000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA60B000 C:\WINDOWS\System32\drivers\TBiosDrv.sys 8192 bytes
0xF7C8E000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7C40000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D7F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DF3000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7DF4000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7D51000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7DF5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D06000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#6 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 20 July 2011 - 08:27 PM

Ok , that should be what you need

Also just so you know , i did delete the Viruses with Avast befor i knew what to do

and i did run SUPERAntiSpyware today , and it detected 56 tracking cookies but i did know what to do with em so i left it alone and closed it out

MalwareByet's didn't fined a thing

Note: I still can't go online in user mode ,Only in safe mode with Networking

Reason why is once i realized the software i downloaded Called "Fullspeed internet booster" was Malware

(Befor i had no Anti-VirusSoftware)

once i down loaded Avast , i tried to use the internet Booster (Full speed)

Avast said it was Malware and stopped it from running

So i decided to uninstall it and it said it was going to change all my internet settings and after that i couldn't go online in user mode :( Onlu Safe Mode with Networking

And thats where it all started :(


PS was i suppose to run OTL.exe in user mode or safe mode?

I ran it in safe mode , and RKunhooker in user mode

Just so u know , if i need to run OTL in user mode again let me know and i will ok!

#7 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 20 July 2011 - 08:38 PM

Oh yeah , i just remembered something i did

I ran sfc\scannow in "Run" a few days ago to see if that would get me back online ..

Didn't work though , but i think it did fix some things

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:17 AM

Posted 20 July 2011 - 08:57 PM

Hi-

You forgot to copy in the contents of the OTL Extra.txt files. Please do so. Do not attempt to fix any of the problems on this computer unless I tell you to. Do you have the XP system CD for this PC?
Shannon

#9 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 20 July 2011 - 09:15 PM

i did actually , after running OTL.exe i went to my desk top and found the Extras.txt and copy & Pasted it in befor the RKUnhooker txt , you don't see it? or did i do it wrong? i'll do it again but does it need to be done in user or safe mode cause i did it in Safe made (with networking)

I do not have the CD cause im not the Original owner , i bought it from a friend here at work who found it on ebay

But i do thing he had a XP CD though



#10 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 20 July 2011 - 09:26 PM

OTL Extras logfile created on: 7/20/2011 7:06:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.80 Mb Total Physical Memory | 267.26 Mb Available Physical Memory | 54.01% Memory free
1.90 Gb Paging File | 1.64 Gb Available in Paging File | 86.11% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 29.07 Gb Free Space | 52.01% Space Free | Partition Type: NTFS
Drive D: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TOSHIBA-USER | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Disabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\TOSHIBA\ConfigFree\CFSServW.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFSServW.exe:*:Disabled:ConfigFree™ Search for Wireless Devices Version 4.50 -- (TOSHIBA)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{153898EE-EECA-471E-8E33-C8485EA84C07}" = QSS Installation Program
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3354B408-2D6B-4F8A-9BB3-A9E0C567F891}" = QSS Installation Program
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"CobBackup10" = Cobian Backup 10
"CobBackup8" = Cobian Backup 8
"GetRight_is1" = GetRight
"Google Chrome" = Google Chrome
"HyperCam 2" = HyperCam 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"ManyCam" = ManyCam 2.6.55 (remove only)
"PowerISO" = PowerISO
"Predator_is1" = Rob Papen Predator V1.1.1
"Proteus VX" = Proteus VX
"Reason5_is1" = Reason 5.0
"Rob Papen BLUE Version 1.6.1_is1" = Rob Papen BLUE Version 1.6.1
"Tone2 Gladiator Retail_is1" = Gladiator v1.2.2.0
"uTorrent" = µTorrent
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-937844147-3795378766-2985934344-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2011 12:11:12 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 11.0.696.65, fault address 0x005256eb.

Error - 6/2/2011 4:21:12 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 -- Error 25015.Failed to install
assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll' because
of system error: The process cannot access the file because it is being used by
another process.

Error - 6/13/2011 10:08:35 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module flengine.dll,
version 7.0.0.0, fault address 0x002192a0.

Error - 6/17/2011 2:46:05 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module gladiator.dll,
version 1.2.2.0, fault address 0x00052990.

Error - 7/15/2011 6:31:23 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator\Local
Settings\Temporary Internet Files\Content.IE5\EAPNJ07N\MicrosoftFixit50195[1].msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 7/16/2011 1:27:34 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/16/2011 1:29:56 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ Application Events ]
Error - 5/11/2011 12:11:12 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 11.0.696.65, fault address 0x005256eb.

Error - 6/2/2011 4:21:12 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 -- Error 25015.Failed to install
assembly 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll' because
of system error: The process cannot access the file because it is being used by
another process.

Error - 6/13/2011 10:08:35 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module flengine.dll,
version 7.0.0.0, fault address 0x002192a0.

Error - 6/17/2011 2:46:05 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module gladiator.dll,
version 1.2.2.0, fault address 0x00052990.

Error - 7/15/2011 6:31:23 AM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator\Local
Settings\Temporary Internet Files\Content.IE5\EAPNJ07N\MicrosoftFixit50195[1].msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 7/16/2011 1:27:34 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/16/2011 1:29:56 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 7/20/2011 1:14:17 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/20/2011 1:17:41 AM | Computer Name = TOSHIBA-USER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/20/2011 1:18:09 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/20/2011 4:44:15 AM | Computer Name = TOSHIBA-USER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/20/2011 4:44:51 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/20/2011 6:32:44 AM | Computer Name = TOSHIBA-USER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/20/2011 6:33:13 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/20/2011 6:33:46 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/20/2011 6:33:46 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm SCDEmu

Error - 7/20/2011 6:53:54 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:17 AM

Posted 21 July 2011 - 10:34 AM

Hi-

Thanks for all the logs. So far I have not seen any infections. As I understand it, the only current problem is that you can not get onto the internet using Internet Explorer in normal mode. Are there any other problems?

For IE, try this - Go to the Control Panel->Internet options and click on the Advanced tab. Click on the Reset button to reset IE's settings. Back out and start IE. Did that fix the problem?

Time for looking -

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post its contents in your next reply.
In your reply, please copy in the contents of the Security Check report and the aswMBR report. Also, let me know what the computer's current problems are.
Shannon

#12 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 21 July 2011 - 02:08 PM

Sup


Ok , im going to restert and see if the reset worked and run both security check and aswMBR and post them in my next reply

brb

#13 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 21 July 2011 - 02:55 PM

No it didn't work , i still have to be in safe mode networking ... but here are my Logs

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#14 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 21 July 2011 - 02:57 PM

aswMBR version 0.9.8.942 Copyright© 2011 AVAST Software
Run date: 2011-07-21 15:28:33
-----------------------------
15:28:33.319 OS Version: Windows 5.1.2600 Service Pack 3
15:28:33.319 Number of processors: 1 586 0xD06
15:28:33.319 ComputerName: TOSHIBA-USER UserName: Chris
15:28:36.533 Initialize success
15:28:39.708 AVAST engine defs: 11072100
15:28:57.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:28:57.664 Disk 0 Vendor: TOSHIBA_MK6025GAS KA200K Size: 57231MB BusType: 3
15:28:57.694 Disk 0 MBR read successfully
15:28:57.704 Disk 0 MBR scan
15:28:57.814 Disk 0 Windows XP default MBR code
15:28:57.834 Disk 0 scanning sectors +117210240
15:28:57.974 Disk 0 scanning C:\WINDOWS\system32\drivers
15:29:37.992 Service scanning
15:29:41.837 Modules scanning
15:29:54.676 Disk 0 trace - called modules:
15:29:54.726 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:29:54.736 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863ce030]
15:29:54.746 3 CLASSPNP.SYS[f779efd7] -> nt!IofCallDriver -> \Device\00000081[0x86307f18]
15:29:54.766 5 ACPI.sys[f76f5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8638d7f8]
15:29:55.637 AVAST engine scan C:\WINDOWS
15:30:09.637 AVAST engine scan C:\WINDOWS\system32
15:34:57.581 AVAST engine scan C:\WINDOWS\system32\drivers
15:35:31.961 AVAST engine scan C:\Documents and Settings\Chris
15:38:58.958 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Chris\Desktop\MBR.dat"
15:38:58.978 The log file has been saved successfully to "C:\Documents and Settings\Chris\Desktop\aswMBR.txt"






#15 Discombobulated_lol

Discombobulated_lol
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atl GA
  • Local time:12:17 AM

Posted 21 July 2011 - 03:25 PM

Also , just so you know ..it takes way to long for my computer to load in user mode

Hard drive just keeps going n going n going as if its loading to much

What ever that damn full speed internet booster did , it really did a number to my computer :(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users