Cleared personal shield now have exe issues


  • This topic is locked
58 replies to this topic

#1 malln2

  • Members
  • 34 posts

Posted 07 August 2011 - 05:55 AM

Hi, thank you in advance for any help.
I started with Personal Shield Pro 2.2 popping up on my system; this was once a week and seemed to go away, then it came back a couple of times a minute.
I lost access to all exe programs but have used exefix.reg.
I have run Malwarebytes, which finds nothing, but now I have trouble using it.
I have run SUPERAntiSpyware with some issues found, but now I cannot find the log; might be me or another symptom.
Stupidly, having had Spyware Doctor before, I put it on the system and followed the "remove avast" instruction; now I cannot load avast back on.
I tried Trend HouseCall; nothing found.
To get to the registry I had to put a file on my desktop, regedit.com.
I also had to use a tweak from Kelly's Korner to get the exe files to open.
Logs are below.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Malcolm2 at 9:31:23 on 2011-08-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1982.1379 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: PhotoPos Pro Toolbar: {a057a204-bacc-4d26-9f9d-3befcfbe6e86} - c:\progra~1\photop~1\PHOTOP~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PhotoPos Pro Toolbar: {a057a204-bacc-4d26-9f9d-3befcfbe6e86} - c:\progra~1\photop~1\PHOTOP~1.DLL
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [331BigDog] c:\windows\VM331_STI.EXE
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [WTClient] WTClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258576919625
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://upload.theadulthub.com/uploader/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8847C759-8121-4FD5-82BF-7CBBD0181D9C} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-8-5 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-8-5 338880]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-8-6 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-8-6 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-6 441176]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-8-5 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-19 123264]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-8-5 247760]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-3 689464]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-24 606056]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-8-6 33552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);c:\windows\system32\drivers\CPWGU.sys [2009-11-18 408064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-8-5 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-8-5 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-8-5 1150936]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 vm331avs;VC0331 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [2008-5-28 972544]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-11-20 250240]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-3-19 475136]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-11-20 476160]
.
=============== Created Last 30 ================
.
2011-08-06 18:23:36 -------- d-----w- C:\ComboFix
2011-08-06 12:09:34 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 12:08:28 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 12:08:02 -------- d-----w- c:\program files\AVAST Software
2011-08-06 12:08:02 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software
2011-08-06 08:47:57 -------- d-----w- c:\documents and settings\malcolm2\application data\SUPERAntiSpyware.com
2011-08-06 08:47:16 -------- d-----w- c:\documents and settings\all users.windows\application data\!SASCORE
2011-08-06 08:47:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-06 08:47:10 -------- d-----w- c:\documents and settings\all users.windows\application data\SUPERAntiSpyware.com
2011-08-06 07:08:45 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-06 07:08:45 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-06 07:08:44 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-05 16:52:42 -------- d-----w- c:\documents and settings\malcolm2\local settings\application data\Threat Expert
2011-08-05 15:16:34 767952 ----a-w- c:\windows\BDTSupport.dll
2011-08-05 15:16:32 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-08-05 15:16:31 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-08-05 15:16:31 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-08-05 15:00:43 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-05 15:00:43 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-05 15:00:42 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-05 15:00:37 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-05 15:00:37 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-05 15:00:31 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-05 15:00:24 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 15:00:24 -------- d-----w- c:\program files\common files\PC Tools
2011-08-05 14:55:37 -------- d-----w- c:\documents and settings\all users.windows\application data\PC Tools
2011-07-31 17:02:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-09 11:32:33 -------- d-----w- c:\documents and settings\all users.windows\application data\ErrorEND
2011-07-09 11:10:55 -------- d-----w- c:\documents and settings\all users.windows\application data\RegSERVO
.
==================== Find3M ====================
.
2011-07-06 23:09:18 0 ----a-w- c:\documents and settings\all users.windows\application data\wqi.exe
2011-07-06 23:09:18 0 ----a-w- c:\documents and settings\all users.windows\application data\qex.exe
2011-07-06 23:09:18 0 ----a-w- c:\documents and settings\all users.windows\application data\oac.exe
2011-07-06 23:09:18 0 ----a-w- c:\documents and settings\all users.windows\application data\hsc.exe
2011-07-06 23:09:18 0 ----a-w- c:\documents and settings\all users.windows\application data\doo.exe
2011-07-06 22:59:33 0 ----a-w- c:\documents and settings\all users.windows\application data\wcx.exe
2011-07-06 22:59:33 0 ----a-w- c:\documents and settings\all users.windows\application data\uus.exe
2011-07-06 22:59:33 0 ----a-w- c:\documents and settings\all users.windows\application data\lev.exe
2011-07-06 22:59:33 0 ----a-w- c:\documents and settings\all users.windows\application data\jyl.exe
2011-07-06 22:59:33 0 ----a-w- c:\documents and settings\all users.windows\application data\anf.exe
2011-07-06 22:59:24 0 ----a-w- c:\documents and settings\all users.windows\application data\vwd.exe
2011-07-06 22:59:24 0 ----a-w- c:\documents and settings\all users.windows\application data\rsi.exe
2011-07-06 22:59:24 0 ----a-w- c:\documents and settings\all users.windows\application data\meu.exe
2011-07-06 22:59:24 0 ----a-w- c:\documents and settings\all users.windows\application data\jqo.exe
2011-07-06 22:59:24 0 ----a-w- c:\documents and settings\all users.windows\application data\hmj.exe
2011-07-06 22:57:14 0 ----a-w- c:\documents and settings\all users.windows\application data\wdt.exe
2011-07-06 22:57:14 0 ----a-w- c:\documents and settings\all users.windows\application data\vua.exe
2011-07-06 22:57:14 0 ----a-w- c:\documents and settings\all users.windows\application data\qep.exe
2011-07-06 22:57:14 0 ----a-w- c:\documents and settings\all users.windows\application data\lot.exe
2011-07-06 22:53:56 0 ----a-w- c:\documents and settings\all users.windows\application data\uqe.exe
2011-07-06 22:53:56 0 ----a-w- c:\documents and settings\all users.windows\application data\oyx.exe
2011-07-06 22:53:56 0 ----a-w- c:\documents and settings\all users.windows\application data\lnv.exe
2011-07-06 22:53:56 0 ----a-w- c:\documents and settings\all users.windows\application data\jxf.exe
2011-07-06 22:53:56 0 ----a-w- c:\documents and settings\all users.windows\application data\cxn.exe
2011-07-06 22:50:14 0 ----a-w- c:\documents and settings\all users.windows\application data\twg.exe
2011-07-06 22:50:14 0 ----a-w- c:\documents and settings\all users.windows\application data\tny.exe
2011-07-06 22:50:14 0 ----a-w- c:\documents and settings\all users.windows\application data\tlh.exe
2011-07-06 22:50:14 0 ----a-w- c:\documents and settings\all users.windows\application data\pwb.exe
2011-07-06 22:50:14 0 ----a-w- c:\documents and settings\all users.windows\application data\fyi.exe
2011-07-06 22:43:52 0 ----a-w- c:\documents and settings\all users.windows\application data\uqo.exe
2011-07-06 22:43:52 0 ----a-w- c:\documents and settings\all users.windows\application data\ubu.exe
2011-07-06 22:43:52 0 ----a-w- c:\documents and settings\all users.windows\application data\stb.exe
2011-07-06 22:43:52 0 ----a-w- c:\documents and settings\all users.windows\application data\pvr.exe
2011-07-06 22:43:52 0 ----a-w- c:\documents and settings\all users.windows\application data\eso.exe
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-06-02 12:44:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-02 12:44:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-10 07:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 07:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 9:32:49.89 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 17/11/2009 10:05:12
System Uptime: 07/08/2011 09:16:40 (0 hours ago)
.
Motherboard: MSI | | AMETHYST-M
Processor: AMD Sempron™ Processor 3000+ | Socket 939 | 1790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 34.148 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 12.495 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6303 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6303 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP338: 11/06/2011 21:11:50 - System Checkpoint
RP339: 13/06/2011 16:50:01 - System Checkpoint
RP340: 14/06/2011 17:41:57 - System Checkpoint
RP341: 16/06/2011 15:57:16 - System Checkpoint
RP342: 17/06/2011 16:35:14 - System Checkpoint
RP343: 18/06/2011 18:50:27 - System Checkpoint
RP344: 19/06/2011 20:34:41 - System Checkpoint
RP345: 21/06/2011 19:23:41 - System Checkpoint
RP346: 23/06/2011 17:41:19 - System Checkpoint
RP347: 24/06/2011 20:51:29 - System Checkpoint
RP348: 26/06/2011 10:30:18 - System Checkpoint
RP349: 27/06/2011 18:40:28 - System Checkpoint
RP350: 28/06/2011 21:15:52 - System Checkpoint
RP351: 29/06/2011 22:16:14 - System Checkpoint
RP352: 01/07/2011 17:50:40 - System Checkpoint
RP353: 02/07/2011 15:34:27 - Installed Next Generation Visualisations
RP354: 03/07/2011 15:37:10 - System Checkpoint
RP355: 04/07/2011 17:52:49 - Installed Compatibility Pack for the 2007 Office system
RP356: 05/07/2011 20:23:13 - System Checkpoint
RP357: 07/07/2011 02:41:53 - System Checkpoint
RP358: 08/07/2011 02:56:12 - System Checkpoint
RP359: 09/07/2011 15:02:02 - System Checkpoint
RP360: 10/07/2011 16:34:01 - System Checkpoint
RP361: 11/07/2011 18:32:41 - System Checkpoint
RP362: 12/07/2011 20:47:15 - System Checkpoint
RP363: 14/07/2011 20:54:41 - System Checkpoint
RP364: 15/07/2011 22:51:55 - System Checkpoint
RP365: 16/07/2011 22:54:06 - System Checkpoint
RP366: 18/07/2011 17:11:57 - System Checkpoint
RP367: 19/07/2011 17:34:48 - System Checkpoint
RP368: 20/07/2011 20:33:50 - System Checkpoint
RP369: 21/07/2011 20:34:50 - System Checkpoint
RP370: 22/07/2011 21:20:23 - System Checkpoint
RP371: 23/07/2011 21:50:37 - System Checkpoint
RP372: 24/07/2011 22:04:49 - System Checkpoint
RP373: 26/07/2011 17:40:45 - System Checkpoint
RP374: 27/07/2011 18:13:00 - System Checkpoint
RP375: 28/07/2011 18:52:02 - System Checkpoint
RP376: 29/07/2011 19:48:39 - System Checkpoint
RP377: 30/07/2011 20:12:28 - System Checkpoint
RP378: 31/07/2011 20:40:40 - System Checkpoint
RP379: 01/08/2011 21:17:04 - System Checkpoint
RP380: 02/08/2011 21:46:51 - System Checkpoint
RP381: 04/08/2011 08:13:53 - System Checkpoint
RP382: 05/08/2011 11:32:38 - System Checkpoint
RP383: 06/08/2011 13:08:02 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
ACDSee for PENTAX 3.0
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Display Driver
Bonjour
BroadJump Client Foundation
Browser Defender 3.0
Compatibility Pack for the 2007 Office system
Corel Uninstaller
DivX Codec
Easy DVD Player 2.0
Facebook Plug-In
FrostWire 4.21.8
Glary Utilities 2.35.0.1216
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java™ 6 Update 21
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Next Generation Visualisations
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PhotoPos Pro Toolbar
QuickTime
RAR File Open Knife - Free Opener
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
REALTEK Wireless LAN Driver and Utility
RealUpgrade 1.1
Safari
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spyware Doctor 8.0
Stylin' Studio v1.0
SUPERAntiSpyware
Sweex Nightvision Hi-Res Chatcam
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Digital Camera
V Stuff Backup v1.6.2.16478
Virgin Media Service Manager 3.7.47
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
What's Running 2.2
Windows Backup Utility
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
06/08/2011 19:00:11, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
06/08/2011 13:18:28, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
06/08/2011 13:18:28, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/08/2011 08:26:18, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM Fips IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss StarOpen Tcpip WS2IFSL
06/08/2011 08:09:08, error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
06/08/2011 08:08:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ThreatFire service to connect.
06/08/2011 08:08:58, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 17:52:50, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
05/08/2011 17:52:50, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 17:52:49, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 17:52:49, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 17:52:49, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: Access is denied.
05/08/2011 17:52:49, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
05/08/2011 17:52:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
05/08/2011 17:52:42, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 16:17:43, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 15:57:16, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
05/08/2011 15:27:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
05/08/2011 15:23:45, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 15:23:45, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/08/2011 14:49:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdPPM aswSnx aswSP aswTdi Fips StarOpen
05/08/2011 13:06:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
05/08/2011 12:56:13, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
05/08/2011 12:56:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/08/2011 12:55:51, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM aswFW aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip
05/08/2011 12:55:51, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
05/08/2011 12:55:51, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/08/2011 12:55:51, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/08/2011 12:55:51, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
05/08/2011 12:55:51, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/08/2011 12:55:51, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/08/2011 12:48:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WinTab Service service to connect.
05/08/2011 12:48:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ServicepointService service to connect.
05/08/2011 12:48:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.
05/08/2011 12:48:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
05/08/2011 12:48:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
05/08/2011 12:48:13, error: Service Control Manager [7000] - The WinTab Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:48:13, error: Service Control Manager [7000] - The ServicepointService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:48:13, error: Service Control Manager [7000] - The ProtexisLicensing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:48:13, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:48:13, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:32:52, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
05/08/2011 12:32:52, error: DCOM [10005] - DCOM got error "%5" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
05/08/2011 12:32:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
05/08/2011 12:32:51, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:28:19, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
05/08/2011 12:28:19, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2011 12:27:19, error: Service Control Manager [7034] - The WinTab Service service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 12:27:19, error: Service Control Manager [7034] - The ServicepointService service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 12:27:19, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 12:27:19, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 12:27:19, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 12:27:19, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
05/08/2011 12:27:19, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/08/2011 15:34:48, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0FB7C9A6-4600-45A9-97B9-A3FCE65F483A} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-07 11:34:20
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1b ST380011A rev.8.11
Running: gmer.exe; Driver: C:\DOCUME~1\Malcolm2\LOCALS~1\Temp\fgddypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3C68202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB3C8C6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3C6A7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB3C6A848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB3C6A95E]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9E4DC30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB3C6A746]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9ECFF68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9ED0230]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB3C6A898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3C6A79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3C6A90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3C68226]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9E4DE90]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9E4DF50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3C6ABE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3C8CBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3C8CA5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3C67FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB3C6824A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB3C6AD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3C68CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3C6A820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB3C6A870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB3C6A988]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9E4DAD0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB3C6A772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3C6AA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB3C6A8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB3C6A7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3C6AAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB3C6A936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB3C8C8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3C68BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3C8C72A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EF296E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB3C8B6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3C6826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3C68292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3C6804A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3C68186]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9E4E150]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3C68162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3C681AA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9E50300]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3C682B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, B6, C8, B3]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL B3C69335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B3C6BCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B3C6BBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B3C6AF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B3C6BE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B3C6C014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B3C6BB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B3C6AFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B3C6B180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B3C6B326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B3C6AE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B3C6BBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B3C6BF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B3C6B2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B3C6AE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B3C6BD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B3C6B03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 1 Byte [E9]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B3C6B0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B3C6B0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B3C6AD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B3C6AEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B3C6B008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B3C6B440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B3C6BECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Malcolm2\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A40001
.text C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe[344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\system32\PSIService.exe[436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[528] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A20001
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[1628] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\WTClient.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\system32\svchost.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\Program Files\Java\jre6\bin\jqs.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EFA533-F7E1-B683-297B-357EB5395E2C}

---- EOF - GMER 1.0.15 ----


ComboFix 11-08-06.02 - Malcolm2 06/08/2011 19:32:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1982.1433 [GMT 1:00]
Running from: c:\documents and settings\Malcolm2\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\pC01602OcOeB01602
c:\documents and settings\All Users.WINDOWS\Application Data\pC01602OcOeB01602\pC01602OcOeB01602
c:\documents and settings\All Users.WINDOWS\Application Data\pC01602OcOeB01602\pC01602OcOeB01602.exe
c:\documents and settings\All Users.WINDOWS\Application Data\yfk.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\bws.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\cph.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\ell.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\esb.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\fam.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\haj.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\hrm.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\ikh.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\kdg.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\kea.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\lbk.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\mby.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\mku.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\ngs.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\pbr.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\pdf.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\pws.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\qnj.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\qpn.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\rdo.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\uvy.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\vpi.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\wii.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\wpc.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\wru.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\xfl.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\xgd.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\ykr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 12:09 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 12:09 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 12:09 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-06 12:09 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-06 12:09 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-06 12:08 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 12:08 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 12:08 . 2011-08-06 12:08 -------- d-----w- c:\program files\AVAST Software
2011-08-06 12:08 . 2011-08-06 12:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\Malcolm2\Application Data\SUPERAntiSpyware.com
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\!SASCORE
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2011-08-06 07:08 . 2010-12-31 08:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-06 07:08 . 2010-12-31 08:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-06 07:08 . 2010-12-31 08:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-05 16:52 . 2011-08-05 16:52 -------- d-----w- c:\documents and settings\Malcolm2\Local Settings\Application Data\Threat Expert
2011-08-05 15:16 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-08-05 15:16 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-08-05 15:16 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-08-05 15:16 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-08-05 15:00 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-05 15:00 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-05 15:00 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-05 15:00 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-05 15:00 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-05 15:00 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-05 15:00 . 2011-08-06 18:32 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 15:00 . 2011-08-05 15:01 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-05 14:57 . 2011-08-06 18:38 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2011-08-05 14:55 . 2011-08-06 07:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2011-08-05 13:52 . 2011-08-06 18:23 -------- d-----w- C:\32788R22FWJFW
2011-08-05 11:55 . 2011-08-05 14:49 -------- d-----w- c:\documents and settings\Administrator.MALHOME
2011-07-31 17:02 . 2011-07-31 17:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-09 11:32 . 2011-07-09 11:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ErrorEND
2011-07-09 11:10 . 2011-07-09 11:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RegSERVO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wqi.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\qex.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\oac.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\hsc.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\doo.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wcx.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\uus.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\lev.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\jyl.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\anf.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\vwd.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\rsi.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\meu.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\jqo.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\hmj.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wdt.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\vua.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\qep.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\lot.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\uqe.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\oyx.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\lnv.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\jxf.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\cxn.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\twg.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\tny.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\tlh.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\pwb.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\fyi.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\uqo.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ubu.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\stb.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\pvr.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\eso.exe
2011-07-06 18:52 . 2011-05-15 21:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-15 21:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 12:44 . 2010-05-01 19:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-02 12:44 . 2010-05-01 19:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-10 07:06 . 2010-12-25 08:35 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 07:06 . 2010-12-25 08:35 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 4599680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"331BigDog"="c:\windows\VM331_STI.EXE" [2008-05-28 200704]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2010-8-24 966656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [05/08/2011 16:00 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [05/08/2011 16:00 338880]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [06/08/2011 08:08 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [06/08/2011 08:08 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/08/2011 13:09 441176]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [05/08/2011 16:00 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [19/07/2011 01:02 123264]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [05/08/2011 16:16 247760]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [05/08/2011 16:00 366840]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [03/05/2011 15:59 689464]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [05/08/2011 16:00 70536]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [24/08/2010 16:38 606056]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [06/08/2011 08:08 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 21:32 133104]
S3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);c:\windows\system32\drivers\CPWGU.sys [18/11/2009 19:05 408064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 21:32 133104]
S3 vm331avs;VC0331 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [28/05/2008 10:54 972544]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [20/11/2009 20:03 250240]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [19/03/2007 09:15 475136]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [20/11/2009 20:03 476160]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-08-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-08 07:26]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 20:32]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 20:32]
.
2011-08-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://upload.theadulthub.com/uploader/ImageUploader6.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EFA533-F7E1-B683-297B-357EB5395E2C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
c:\program files\PC Tools Security\TFEngine\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\program files\PC Tools Security\TFEngine\TFMon.dll
c:\program files\PC Tools Security\TFEngine\TFRK.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Security\TFEngine\TFWAH.dll
.
Completion time: 2011-08-06 20:22:51
ComboFix-quarantined-files.txt 2011-08-06 19:22
ComboFix2.txt 2011-05-15 15:45
.
Pre-Run: 36,299,493,376 bytes free
Post-Run: 36,642,816,000 bytes free
.
- - End Of File - - 98C12E6803D6215184BA7FC539C9EA35

#2 malln2

  • Topic Starter

  • Members
  • 34 posts

Posted 07 August 2011 - 06:03 AM

Sorry I forgot to thank orange blossom for setting me on the right path.

#3 etavares


    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 13 August 2011 - 07:10 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

#4 malln2

  • Topic Starter

  • Members
  • 34 posts

Posted 13 August 2011 - 09:08 AM

Hi Etavares and thank you for your help in fixing this.

OTL log
OTL logfile created on: 13/08/2011 13:20:44 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Malcolm2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 70.47% Memory free
3.19 Gb Paging File | 2.77 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 34.03 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 12.50 Gb Free Space | 67.05% Space Free | Partition Type: NTFS

Computer Name: MALHOME | User Name: Malcolm2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\desktop\OTL.exe
PRC - [2011/07/19 01:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/02 13:44:18 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2009/03/04 13:04:22 | 000,069,632 | -H-- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 17:27:00 | 000,040,960 | -H-- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | -H-- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/19 01:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/03/04 13:04:22 | 000,069,632 | -H-- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/11/02 21:40:12 | 000,174,656 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 06:59:16 | 000,606,056 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/02/26 15:32:58 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 15:32:46 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 15:32:44 | 000,022,528 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 15:32:44 | 000,018,176 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/03/25 07:29:52 | 000,130,432 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/05 22:02:10 | 000,005,632 | -H-- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/08 15:10:23 | 000,014,848 | -H-- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2008/08/26 11:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 12:17:14 | 001,681,920 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/16 02:58:00 | 000,476,160 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 02:58:00 | 000,250,240 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/28 10:54:28 | 000,972,544 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/04/13 23:05:40 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/05/02 11:11:18 | 000,109,704 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/04/23 16:28:56 | 000,018,432 | -H-- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/16 22:46:00 | 000,033,792 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/19 09:15:10 | 000,475,136 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/02/07 16:23:00 | 000,408,064 | -H-- | M] (Philips Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CPWGU.sys -- (CPWGU(Philips)) Philips SNU5600 Wireless USB Adapter 11b/g(Philips)
DRV - [2005/08/29 16:11:00 | 003,644,928 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Malcolm2\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/19 10:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/02 13:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/08/05 16:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/19 10:54:23 | 000,000,000 | ---D | M]

[2010/07/30 20:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm2\Application Data\Mozilla\Extensions
[2009/11/13 16:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/14 18:43:43 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008/01/04 16:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 16:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 20:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 16:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/06 20:06:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\..\Toolbar\WebBrowser: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O3 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [331BigDog] C:\WINDOWS\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ReSchedHPSU.lnk = C:\HP\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258576919625 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://upload.theadulthub.com/uploader/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/08 16:55:43 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 13:19:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\Desktop\OTL.exe
[2011/08/12 22:29:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HijackThis.exe
[2011/08/12 16:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Application Data\PCTools
[2011/08/12 09:31:46 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malcolm2\Desktop\mbam-setup.exe
[2011/08/12 08:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Desktop\gmer
[2011/08/12 08:20:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/07 09:28:00 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\dds.scr
[2011/08/06 20:31:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/06 19:21:26 | 004,165,920 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\ComboFix.exe
[2011/08/06 13:09:39 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/06 13:09:34 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/06 13:09:33 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/06 13:09:33 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/06 13:09:32 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/06 13:08:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/06 13:08:28 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/06 13:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 13:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/08/06 12:12:30 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HousecallLauncher.exe
[2011/08/06 09:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Application Data\SUPERAntiSpyware.com
[2011/08/06 09:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/08/06 09:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Start Menu\Programs\SUPERAntiSpyware
[2011/08/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/08/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/06 08:08:45 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/08/06 08:08:45 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/08/06 08:08:44 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/08/05 17:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Threat Expert
[2011/08/05 16:16:32 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/08/05 16:16:31 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/08/05 16:16:31 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/08/05 16:00:43 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/08/05 16:00:43 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/08/05 16:00:42 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/08/05 16:00:37 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/08/05 16:00:37 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/08/05 16:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PC Tools Security
[2011/08/05 16:00:31 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/08/05 16:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/08/05 16:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/05 15:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/08/05 15:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2011/08/05 14:52:37 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/29 21:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2007/10/02 04:23:00 | 000,131,072 | -H-- | C] ( ) -- C:\WINDOWS\vm331Rmv.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 13:20:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/08/13 13:20:03 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\Desktop\OTL.exe
[2011/08/13 13:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/08/13 12:49:01 | 000,000,890 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/13 10:43:37 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 10:31:16 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\Shortcut to iexplore.exe.lnk
[2011/08/13 07:49:02 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 07:42:50 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/08/13 07:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 22:29:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HijackThis.exe
[2011/08/12 14:04:05 | 000,236,041 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\census.cache
[2011/08/12 14:04:04 | 000,224,445 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\ars.cache
[2011/08/12 09:32:39 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 09:31:45 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malcolm2\Desktop\mbam-setup.exe
[2011/08/11 13:59:46 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/08/07 11:44:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2011/08/07 09:44:23 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\gmer.zip
[2011/08/07 09:28:01 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\dds.scr
[2011/08/07 09:26:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\Defogger.exe
[2011/08/07 09:25:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm2\defogger_reenable
[2011/08/06 20:06:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/06 19:21:05 | 004,165,920 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\ComboFix.exe
[2011/08/06 13:41:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/06 12:54:01 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 12:44:27 | 000,009,830 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\exefix.reg
[2011/08/06 12:12:30 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HousecallLauncher.exe
[2011/08/05 16:00:36 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2011/08/04 07:42:24 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 21:35:15 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/29 21:33:14 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/13 10:31:16 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\Shortcut to iexplore.exe.lnk
[2011/08/12 09:32:39 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/07 11:38:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2011/08/07 09:44:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\gmer.zip
[2011/08/07 09:26:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\Defogger.exe
[2011/08/07 09:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm2\defogger_reenable
[2011/08/06 13:06:24 | 000,236,041 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\census.cache
[2011/08/06 13:06:05 | 000,224,445 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\ars.cache
[2011/08/06 12:54:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 12:42:24 | 000,009,830 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\exefix.reg
[2011/08/05 16:16:34 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/08/05 16:16:32 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/08/05 16:16:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/08/05 16:16:32 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/08/05 16:16:32 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/08/05 16:00:36 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2011/08/04 19:07:46 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/07/29 21:35:15 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/07/29 21:35:15 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/29 21:33:14 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/07/29 21:22:43 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 21:22:38 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2011/07/07 00:09:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\wqi.exe
[2011/07/07 00:09:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\qex.exe
[2011/07/07 00:09:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\oac.exe
[2011/07/07 00:09:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hsc.exe
[2011/07/07 00:09:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\doo.exe
[2011/07/06 23:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\wcx.exe
[2011/07/06 23:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uus.exe
[2011/07/06 23:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\lev.exe
[2011/07/06 23:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\jyl.exe
[2011/07/06 23:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\anf.exe
[2011/07/06 23:59:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vwd.exe
[2011/07/06 23:59:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\rsi.exe
[2011/07/06 23:59:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\meu.exe
[2011/07/06 23:59:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\jqo.exe
[2011/07/06 23:59:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hmj.exe
[2011/07/06 23:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\wdt.exe
[2011/07/06 23:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vua.exe
[2011/07/06 23:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\qep.exe
[2011/07/06 23:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\lot.exe
[2011/07/06 23:53:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uqe.exe
[2011/07/06 23:53:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\oyx.exe
[2011/07/06 23:53:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\lnv.exe
[2011/07/06 23:53:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\jxf.exe
[2011/07/06 23:53:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\cxn.exe
[2011/07/06 23:50:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\twg.exe
[2011/07/06 23:50:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\tny.exe
[2011/07/06 23:50:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\tlh.exe
[2011/07/06 23:50:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\pwb.exe
[2011/07/06 23:50:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fyi.exe
[2011/07/06 23:43:52 | 000,014,204 | -HS- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178
[2011/07/06 23:43:52 | 000,014,204 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178
[2011/07/06 23:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\uqo.exe
[2011/07/06 23:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ubu.exe
[2011/07/06 23:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\stb.exe
[2011/07/06 23:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\pvr.exe
[2011/07/06 23:43:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eso.exe
[2011/05/15 16:25:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/15 16:25:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/15 16:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/15 16:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/15 16:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 14:13:07 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/22 14:13:07 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/25 11:40:42 | 000,065,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 16:38:21 | 000,451,072 | -H-- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010/05/15 11:15:35 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/05/01 20:12:29 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/29 20:00:59 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 21:33:48 | 000,000,088 | -HS- | C] () -- C:\WINDOWS\System32\184083C501.sys
[2010/01/21 21:33:47 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/20 19:37:55 | 000,001,382 | -H-- | C] () -- C:\WINDOWS\Tablet5500x4000.ini
[2010/01/17 15:08:16 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\mdm.ini
[2009/12/26 16:53:31 | 000,108,032 | -H-- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2009/12/26 16:52:55 | 000,039,095 | -H-- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/11/18 20:10:32 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/17 12:27:52 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/17 12:27:52 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/11/17 12:03:09 | 000,133,246 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/17 11:05:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 10:58:05 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/17 10:45:51 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 10:44:06 | 000,290,888 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 18:15:32 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009/03/13 13:04:44 | 000,047,104 | -H-- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2009/03/03 13:18:04 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/04 08:01:10 | 000,001,295 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 13:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,333,422 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,047,502 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/14 01:14:12 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 01:13:34 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/24 20:31:12 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2006/11/02 21:40:12 | 000,174,656 | -H-- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2002/10/30 04:53:26 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/07/25 11:04:24 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2002/03/21 15:39:02 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999/01/22 19:46:56 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/08/05 13:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MALHOME\Application Data\GlarySoft
[2011/08/05 13:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MALHOME\Application Data\Windows Search
[2007/10/24 18:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/10/24 18:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/06 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2010/04/24 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
[2010/11/08 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/08/06 13:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2009/11/18 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2011/07/09 12:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorEND
[2010/05/17 21:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
[2010/12/19 10:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NokiaInstallerCache
[2010/05/14 15:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OviInstallerCache
[2010/05/14 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2011/06/28 18:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Radialpoint
[2011/07/09 12:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegSERVO
[2011/02/08 21:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
[2011/08/13 09:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/05/03 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Virgin Media
[2010/04/26 20:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VirginMedia
[2010/12/25 09:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/23 22:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\360desktop
[2009/02/25 22:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\ACD Systems
[2009/03/25 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Any Video Converter
[2008/08/21 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Ashampoo
[2009/11/10 16:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\AVGTOOLBAR
[2009/10/01 23:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Camfrog
[2007/11/07 19:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\DataLayer
[2009/11/02 02:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\FrostWire
[2008/08/03 00:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\LimeWire
[2008/01/16 17:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\MAGIX
[2007/12/24 20:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Nokia
[2008/06/30 11:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Nokia Multimedia Player
[2009/01/14 20:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\OfficeUpdate12
[2009/08/14 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\OpenCandy
[2007/11/05 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\PC Suite
[2009/01/05 22:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\SAMSUNG
[2008/04/08 17:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\System Tweaker
[2008/07/06 17:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\TuxPaint
[2008/04/08 16:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Uniblue
[2007/11/07 16:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\WinBatch
[2008/10/27 22:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Windows Desktop Search
[2008/11/06 21:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Windows Search
[2010/04/24 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\ACD Systems
[2010/05/14 16:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Facebook
[2010/04/25 00:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\FrmMain
[2011/08/06 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\FrostWire
[2010/09/02 20:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\GlarySoft
[2009/11/18 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\InterTrust
[2010/05/17 20:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Nokia
[2010/05/17 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Nokia Ovi Suite
[2011/06/26 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\OpenCandy
[2010/05/14 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\PC Suite
[2011/08/12 16:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\PCTools
[2011/06/26 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Philipp Winterberg
[2010/04/24 23:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\photoposcomtbr
[2010/05/15 11:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Samsung
[2011/05/03 15:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Virgin Media
[2009/11/18 22:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Windows Desktop Search
[2009/11/19 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Windows Search
[2011/08/13 07:42:50 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/08/13 13:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/22 15:53:39 | 000,086,557 | ---- | M] () -- C:\aaw7boot.log
[2011/05/15 12:48:28 | 000,002,977 | ---- | M] () -- C:\aswBoot.log
[2008/02/08 16:55:43 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/18 19:17:56 | 007,921,182 | ---- | M] () -- C:\back_up.reg
[2009/11/17 10:54:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/15 16:27:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/11/09 21:20:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/11/09 21:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/11/09 21:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/13 07:42:34 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2007/10/24 20:52:34 | 000,380,448 | ---- | M] () -- C:\rawinfo.log
[2007/11/03 01:48:45 | 000,000,018 | -H-- | M] () -- C:\SYSREST
[2011/05/15 17:21:28 | 000,043,110 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_15.05.2011_17.17.58_log.txt
[2011/07/08 23:30:16 | 000,044,480 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_08.07.2011_23.29.34_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/11/17 10:43:00 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/11/17 10:43:00 | 001,064,960 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/11/17 10:43:00 | 000,909,312 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:430C6D84

< End of report >


GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-13 15:04:20
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1b ST380011A rev.8.11
Running: gmer.exe; Driver: C:\DOCUME~1\Malcolm2\LOCALS~1\Temp\fgddypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3C43202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB3C676C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3C457F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB3C45848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB3C4595E]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9E4DC30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB3C45746]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9ECFF68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9ED0230]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB3C45898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3C4579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3C4590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3C43226]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9E4DE90]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9E4DF50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3C45BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3C67BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3C67A5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3C42FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB3C4324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB3C45D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3C43CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3C45820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB3C45870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB3C45988]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9E4DAD0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB3C45772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3C45A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB3C458D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB3C457C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3C45AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB3C45936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB3C678D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3C43BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3C6772A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EF296E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB3C666E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3C4326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3C43292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3C4304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3C43186]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9E4E150]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3C43162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3C431AA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9E50300]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3C432B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 66, C6, B3]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL B3C44335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B3C46CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B3C46BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B3C45F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B3C46E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B3C47014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B3C46B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B3C45FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B3C46180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B3C46326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B3C45E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B3C46BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B3C46F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B3C462FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B3C45E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B3C46D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B3C4603E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 1 Byte [E9]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B3C460AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B3C460E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B3C45D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B3C45EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B3C46008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B3C46440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B3C46ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe[180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\system32\spoolsv.exe[256] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A40001
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[532] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\SearchIndexer.exe[652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
.text C:\WINDOWS\system32\SearchIndexer.exe[652] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\system32\winlogon.exe[896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\services.exe[944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\lsass.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1044] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\Ati2evxx.exe[1120] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\ctfmon.exe[1228] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A20001
.text ...
.text c:\program files\real\realplayer\update\realsched.exe[2964] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\alg.exe[3160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A20001
.text C:\WINDOWS\System32\svchost.exe[3172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EFA533-F7E1-B683-297B-357EB5395E2C}

---- EOF - GMER 1.0.15 ----

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:59 PM

Posted 13 August 2011 - 10:52 AM

Hello, malln2.

First, running Combofix on your own can result in an unbootable computer. No worries here though, but it can happen for anyone reading. It's a very powerful tool.

Some of your files are hidden by the virus, so we'll run unhide to fix it. We'll also clean out some more malware with Combofix.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow users to share files between each other, as the name suggests. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.







Ask Toolbar Warning

I see you have the Ask.com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.







Step 1


Please download unhide.exe and save it to your desktop. Double-click unhide.exe to run it.

You should see your files, start menu items and Internet Explorer favorites return. If you do not, please let me know in your reply. It is important to check, as other steps we take while cleaning your computer may delete your start menu items and favorites irretrievably. (Your files would still be fine, though.)




Step 2

First, please delete your copy of Combofix.
Then, download it and save it as etavaresCF.exe instead of ComboFix.exe from one of these links:

Next:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
c:\documents and settings\All Users.WINDOWS\Application Data\wqi.exe
c:\documents and settings\All Users.WINDOWS\Application Data\qex.exe
c:\documents and settings\All Users.WINDOWS\Application Data\oac.exe
c:\documents and settings\All Users.WINDOWS\Application Data\hsc.exe
c:\documents and settings\All Users.WINDOWS\Application Data\doo.exe
c:\documents and settings\All Users.WINDOWS\Application Data\wcx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\uus.exe
c:\documents and settings\All Users.WINDOWS\Application Data\lev.exe
c:\documents and settings\All Users.WINDOWS\Application Data\jyl.exe
c:\documents and settings\All Users.WINDOWS\Application Data\anf.exe
c:\documents and settings\All Users.WINDOWS\Application Data\vwd.exe
c:\documents and settings\All Users.WINDOWS\Application Data\rsi.exe
c:\documents and settings\All Users.WINDOWS\Application Data\meu.exe
c:\documents and settings\All Users.WINDOWS\Application Data\jqo.exe
c:\documents and settings\All Users.WINDOWS\Application Data\hmj.exe
c:\documents and settings\All Users.WINDOWS\Application Data\wdt.exe
c:\documents and settings\All Users.WINDOWS\Application Data\vua.exe
c:\documents and settings\All Users.WINDOWS\Application Data\qep.exe
c:\documents and settings\All Users.WINDOWS\Application Data\lot.exe
c:\documents and settings\All Users.WINDOWS\Application Data\uqe.exe
c:\documents and settings\All Users.WINDOWS\Application Data\oyx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\lnv.exe
c:\documents and settings\All Users.WINDOWS\Application Data\jxf.exe
c:\documents and settings\All Users.WINDOWS\Application Data\cxn.exe
c:\documents and settings\All Users.WINDOWS\Application Data\twg.exe
c:\documents and settings\All Users.WINDOWS\Application Data\tny.exe
c:\documents and settings\All Users.WINDOWS\Application Data\tlh.exe
c:\documents and settings\All Users.WINDOWS\Application Data\pwb.exe
c:\documents and settings\All Users.WINDOWS\Application Data\fyi.exe
c:\documents and settings\All Users.WINDOWS\Application Data\uqo.exe
c:\documents and settings\All Users.WINDOWS\Application Data\ubu.exe
c:\documents and settings\All Users.WINDOWS\Application Data\stb.exe
c:\documents and settings\All Users.WINDOWS\Application Data\pvr.exe
c:\documents and settings\All Users.WINDOWS\Application Data\eso.exe
C:\Documents and Settings\Malcolm2\Local Settings\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178
C:\Documents and Settings\All Users.WINDOWS\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=0
DDS::
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://upload.theadulthub.com/uploader/ImageUploader6.cab
RegNull::
[HKEY_USERS\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EFA533-F7E1-B683-297B-357EB5395E2C}*]

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 malln2

malln2
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:59 PM

Posted 13 August 2011 - 12:12 PM

Here is the latest ComboFix.


ComboFix 11-08-13.02 - Malcolm2 13/08/2011 17:24:33.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1982.1376 [GMT 1:00]
Running from: c:\documents and settings\Malcolm2\Desktop\etavaresCF.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 16:16 . 2011-08-13 16:18 -------- d-----w- C:\etavaresCF
2011-08-12 15:41 . 2011-08-12 15:41 -------- d-----w- c:\documents and settings\Malcolm2\Application Data\PCTools
2011-08-06 12:09 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 12:09 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 12:09 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-06 12:09 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-06 12:09 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-06 12:08 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 12:08 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 12:08 . 2011-08-06 12:08 -------- d-----w- c:\program files\AVAST Software
2011-08-06 12:08 . 2011-08-06 12:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\Malcolm2\Application Data\SUPERAntiSpyware.com
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\!SASCORE
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2011-08-06 07:08 . 2010-12-31 08:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-06 07:08 . 2010-12-31 08:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-06 07:08 . 2010-12-31 08:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-05 16:52 . 2011-08-05 16:52 -------- d-----w- c:\documents and settings\Malcolm2\Local Settings\Application Data\Threat Expert
2011-08-05 15:16 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-08-05 15:16 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-08-05 15:16 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-08-05 15:16 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-08-05 15:00 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-05 15:00 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-05 15:00 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-05 15:00 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-05 15:00 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-05 15:00 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-05 15:00 . 2011-08-13 08:17 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 15:00 . 2011-08-05 15:01 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-05 14:57 . 2011-08-13 08:17 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2011-08-05 14:55 . 2011-08-06 07:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2011-08-05 11:55 . 2011-08-05 14:49 -------- d-----w- c:\documents and settings\Administrator.MALHOME
2011-07-31 17:02 . 2011-07-31 17:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 06:55 . 2011-05-15 21:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-08 06:55 . 2011-05-15 21:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wqi.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\qex.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\oac.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\hsc.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\doo.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wcx.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\uus.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\lev.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\jyl.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\anf.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\vwd.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\rsi.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\meu.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\jqo.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\hmj.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wdt.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\vua.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\qep.exe
2011-07-06 22:57 . 2011-07-06 22:57 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\lot.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\uqe.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\oyx.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\lnv.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\jxf.exe
2011-07-06 22:53 . 2011-07-06 22:53 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\cxn.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\twg.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\tny.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\tlh.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\pwb.exe
2011-07-06 22:50 . 2011-07-06 22:50 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\fyi.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\uqo.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ubu.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\stb.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\pvr.exe
2011-07-06 22:43 . 2011-07-06 22:43 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\eso.exe
2011-06-02 12:44 . 2010-05-01 19:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-02 12:44 . 2010-05-01 19:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 4599680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"331BigDog"="c:\windows\VM331_STI.EXE" [2008-05-28 200704]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2010-8-24 966656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
R3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);c:\windows\system32\DRIVERS\CPWGU.sys [2006-02-07 408064]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-12-16 70536]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service [x]
R3 vm331avs;VC0331 USB2.0 Digital Camera;c:\windows\system32\Drivers\vm331avs.sys [2008-05-28 972544]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2008-06-16 250240]
R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-06-16 476160]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-31 51984]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-31 69392]
S1 aswSnx;aswSnx; [x]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-01-17 251560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 606056]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-31 33552]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - fgddypob
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-08-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-08 07:26]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 20:32]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 20:32]
.
2011-08-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://upload.theadulthub.com/uploader/ImageUploader6.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EFA533-F7E1-B683-297B-357EB5395E2C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\program files\PC Tools Security\TFEngine\TFMon.dll
c:\program files\PC Tools Security\TFEngine\TFRK.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-13 17:56:08
ComboFix-quarantined-files.txt 2011-08-13 16:55
ComboFix2.txt 2011-05-15 15:45
.
Pre-Run: 36,438,601,728 bytes free
Post-Run: 36,501,626,880 bytes free
.
- - End Of File - - 1C5F61EA06EBCDF60990A5D5F6968404
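The CFScript in post #5 is built by hand from exactly the kind of log shown above: the File:: section lists the zero-byte, randomly named .exe files the rogue dropped under All Users\Application Data, and the Registry:: section resets the Security Center override values and the firewall "DisableNotifications" flag that the rogue set to 1 so Windows would stop warning about missing protection. The following is an added example, not BleepingComputer's, ComboFix's or etavares's code, that parses file and registry lines in the ComboFix log format, flags those two artifact classes, and emits the matching CFScript fragment. The sample lines embedded in it are copied from the log in this thread; the three-letter-name heuristic and the "All Users" path filter are assumptions of this example, not rules ComboFix itself applies.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix or
BleepingComputer tool). Flags zero-byte, randomly named executables in the
shared profile and non-zero Security Center / firewall override values, then
emits the CFScript sections a helper would write for them."""
import re
from dataclasses import dataclass
from typing import Optional

# ComboFix file line: "<created> . <modified> <size> <attrs> <path>"
# Directories show "--------" in the size column and "d" as the first attr.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Assumption of this example: the rogue used random three-letter names (wqi.exe, qex.exe, ...).
RANDOM_EXE = re.compile(r"\\[a-z]{3}\.exe$", re.IGNORECASE)
SHARED_APPDATA = r"\all users"      # matches "All Users" and "All Users.WINDOWS"
# Registry value line: "Name"=dword:00000001  or  "Name"= 1 (0x1)
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<hex>[0-9a-f]{8})|\s*(?P<dec>\d+))')
OVERRIDE_NAMES = {"AntiVirusOverride", "FirewallOverride", "DisableNotifications"}

# Sample input: lines copied from the ComboFix log in this thread (mixed with two benign ones).
SAMPLE_LOG = r"""
2011-08-06 12:09 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-13 16:16 . 2011-08-13 16:18 -------- d-----w- C:\etavaresCF
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wqi.exe
2011-07-06 23:09 . 2011-07-06 23:09 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\qex.exe
2011-07-06 22:59 . 2011-07-06 22:59 0 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\wcx.exe
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_lines(log: str) -> list:
    """Extract every 'Files Created' / 'Find3M' style line from the log text."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def suspicious_dropped_exes(entries) -> list:
    """Zero-byte, randomly named .exe files in the shared profile: the rogue's
    leftovers that the File:: section of the CFScript removes."""
    return sorted(
        e.path for e in entries
        if not e.is_dir and e.size == 0
        and SHARED_APPDATA in e.path.lower()
        and RANDOM_EXE.search(e.path)
    )


def security_center_overrides(log: str) -> dict:
    """Override values set to non-zero, i.e. Windows told to suppress the
    'no antivirus / no firewall' warnings (a classic rogue AV change)."""
    found = {}
    for line in log.splitlines():
        m = REG_VALUE.match(line.strip())
        if not m or m["name"] not in OVERRIDE_NAMES:
            continue
        value = int(m["hex"], 16) if m["hex"] else int(m["dec"])
        if value != 0:
            found[m["name"]] = value
    return found


def build_cfscript(paths, overrides) -> str:
    """Emit the File:: and Registry:: sections matching the findings."""
    out = []
    if paths:
        out.append("File::")
        out.extend(paths)
    if overrides:
        out.append("Registry::")
        if overrides.keys() & {"AntiVirusOverride", "FirewallOverride"}:
            out.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]")
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if name in overrides:
                    out.append(f'"{name}"=dword:00000000')
        if "DisableNotifications" in overrides:
            out.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]")
            out.append('"DisableNotifications"=0')
    return "\n".join(out)


if __name__ == "__main__":
    dropped = suspicious_dropped_exes(parse_file_lines(SAMPLE_LOG))
    print(build_cfscript(dropped, security_center_overrides(SAMPLE_LOG)))
```

Run stand-alone it prints a CFScript fragment that lists the three zero-byte executables and resets all three override values, which is the shape of the script etavares posted. The zero-size check matters: a legitimate program in the shared Application Data folder would not normally be a 0-byte .exe, and the size column is what separates the dropped decoys from, say, the avast! driver line in the same log.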

#7 malln2

malln2
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:59 PM

Posted 13 August 2011 - 01:16 PM

Not sure if this is pertinent, but when I tried to open Internet Explorer from my desktop it created a shortcut for Internet Explorer.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:59 PM

Posted 13 August 2011 - 02:16 PM

Please follow the instructions exactly as in my previous post. CF ran, but without the custom script. Please ensure you create the text file with the script I posted, then drag that into ComboFix.




#9 malln2

malln2
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:59 PM

Posted 13 August 2011 - 05:05 PM

Hi, I think I have done as asked; here is the ComboFix.



ComboFix 11-08-14.01 - Malcolm2 13/08/2011 22:31:02.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1982.1473 [GMT 1:00]
Running from: c:\documents and settings\Malcolm2\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Malcolm2\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users.WINDOWS\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178"
"c:\documents and settings\All Users.WINDOWS\Application Data\anf.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\cxn.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\doo.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\eso.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\fyi.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\hmj.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\hsc.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\jqo.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\jxf.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\jyl.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\lev.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\lnv.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\lot.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\meu.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\oac.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\oyx.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\pvr.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\pwb.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\qep.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\qex.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\rsi.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\stb.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\tlh.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\tny.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\twg.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\ubu.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\uqe.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\uqo.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\uus.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\vua.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\vwd.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\wcx.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\wdt.exe"
"c:\documents and settings\All Users.WINDOWS\Application Data\wqi.exe"
"c:\documents and settings\Malcolm2\Local Settings\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178
c:\documents and settings\All Users.WINDOWS\Application Data\anf.exe
c:\documents and settings\All Users.WINDOWS\Application Data\cxn.exe
c:\documents and settings\All Users.WINDOWS\Application Data\doo.exe
c:\documents and settings\All Users.WINDOWS\Application Data\eso.exe
c:\documents and settings\All Users.WINDOWS\Application Data\fyi.exe
c:\documents and settings\All Users.WINDOWS\Application Data\hmj.exe
c:\documents and settings\All Users.WINDOWS\Application Data\hsc.exe
c:\documents and settings\All Users.WINDOWS\Application Data\jqo.exe
c:\documents and settings\All Users.WINDOWS\Application Data\jxf.exe
c:\documents and settings\All Users.WINDOWS\Application Data\jyl.exe
c:\documents and settings\All Users.WINDOWS\Application Data\lev.exe
c:\documents and settings\All Users.WINDOWS\Application Data\lnv.exe
c:\documents and settings\All Users.WINDOWS\Application Data\lot.exe
c:\documents and settings\All Users.WINDOWS\Application Data\meu.exe
c:\documents and settings\All Users.WINDOWS\Application Data\oac.exe
c:\documents and settings\All Users.WINDOWS\Application Data\oyx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\pvr.exe
c:\documents and settings\All Users.WINDOWS\Application Data\pwb.exe
c:\documents and settings\All Users.WINDOWS\Application Data\qep.exe
c:\documents and settings\All Users.WINDOWS\Application Data\qex.exe
c:\documents and settings\All Users.WINDOWS\Application Data\rsi.exe
c:\documents and settings\All Users.WINDOWS\Application Data\stb.exe
c:\documents and settings\All Users.WINDOWS\Application Data\tlh.exe
c:\documents and settings\All Users.WINDOWS\Application Data\tny.exe
c:\documents and settings\All Users.WINDOWS\Application Data\twg.exe
c:\documents and settings\All Users.WINDOWS\Application Data\ubu.exe
c:\documents and settings\All Users.WINDOWS\Application Data\uqe.exe
c:\documents and settings\All Users.WINDOWS\Application Data\uqo.exe
c:\documents and settings\All Users.WINDOWS\Application Data\uus.exe
c:\documents and settings\All Users.WINDOWS\Application Data\vua.exe
c:\documents and settings\All Users.WINDOWS\Application Data\vwd.exe
c:\documents and settings\All Users.WINDOWS\Application Data\wcx.exe
c:\documents and settings\All Users.WINDOWS\Application Data\wdt.exe
c:\documents and settings\All Users.WINDOWS\Application Data\wqi.exe
c:\documents and settings\Malcolm2\Local Settings\Application Data\56gy0yq21407l3jn4kb8oslbf36042daa5483xw178
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 16:16 . 2011-08-13 16:18 -------- d-----w- C:\etavaresCF
2011-08-12 15:41 . 2011-08-12 15:41 -------- d-----w- c:\documents and settings\Malcolm2\Application Data\PCTools
2011-08-06 12:09 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 12:09 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 12:09 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-06 12:09 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-06 12:09 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-06 12:08 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 12:08 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 12:08 . 2011-08-06 12:08 -------- d-----w- c:\program files\AVAST Software
2011-08-06 12:08 . 2011-08-06 12:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\Malcolm2\Application Data\SUPERAntiSpyware.com
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\!SASCORE
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-06 08:47 . 2011-08-06 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2011-08-06 07:08 . 2010-12-31 08:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-06 07:08 . 2010-12-31 08:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-06 07:08 . 2010-12-31 08:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-05 16:52 . 2011-08-05 16:52 -------- d-----w- c:\documents and settings\Malcolm2\Local Settings\Application Data\Threat Expert
2011-08-05 15:16 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-08-05 15:16 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-08-05 15:16 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-08-05 15:16 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-08-05 15:00 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-05 15:00 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-05 15:00 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-05 15:00 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-05 15:00 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-05 15:00 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-05 15:00 . 2011-08-13 08:17 -------- d-----w- c:\program files\PC Tools Security
2011-08-05 15:00 . 2011-08-05 15:01 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-05 14:57 . 2011-08-13 20:19 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2011-08-05 14:55 . 2011-08-06 07:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2011-08-05 11:55 . 2011-08-05 14:49 -------- d-----w- c:\documents and settings\Administrator.MALHOME
2011-07-31 17:02 . 2011-07-31 17:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 06:55 . 2011-05-15 21:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-08 06:55 . 2011-05-15 21:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 12:44 . 2010-05-01 19:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-02 12:44 . 2010-05-01 19:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-13_16.45.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-13 20:19 . 2011-08-13 20:19 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_828.dat
+ 2011-08-13 20:19 . 2011-08-13 20:19 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 4599680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"331BigDog"="c:\windows\VM331_STI.EXE" [2008-05-28 200704]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2010-8-24 966656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/08/2011 13:09 441176]
S3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);c:\windows\system32\drivers\CPWGU.sys [18/11/2009 19:05 408064]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-08-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-08 07:26]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 20:32]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 20:32]
.
2011-08-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-08-13 23:02:44
ComboFix-quarantined-files.txt 2011-08-13 22:02
ComboFix2.txt 2011-08-13 21:00
ComboFix3.txt 2011-08-13 16:56
ComboFix4.txt 2011-05-15 15:45
.
Pre-Run: 36,349,243,392 bytes free
Post-Run: 36,338,286,592 bytes free
.
- - End Of File - - 49CB0BF3C239943EB5FEB562926309F2

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 13 August 2011 - 05:34 PM

Hello, malln2.

Much better...that one went through perfectly. How is your computer running now?



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 26, 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions shown below:
    Java™ 6 Update 21
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2


We'll do online scans in the next post to confirm you're looking OK, but I want to get an up to date OTL scan as well. Please run OTL and press the Quick Scan button. Only one log will open, please copy/paste the contents here.



Step 3

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 malln2

malln2
  • Topic Starter
  • Members
  • 34 posts

Posted 14 August 2011 - 04:32 AM

Hi, the computer is running better. I can now see my Windows updates, which I have not installed yet and will not until you give me the go-ahead. Also, Windows is detecting no virus software.
I still have to unhide my files and run exefix in order to open programs.
I have updated the Java as requested.
Have you found any virus or malware?


Here are the scan results.

OTL logfile created on: 14/08/2011 10:10:37 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Malcolm2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 73.75% Memory free
3.19 Gb Paging File | 2.85 Gb Available in Paging File | 89.13% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 33.42 Gb Free Space | 47.06% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 12.50 Gb Free Space | 67.05% Space Free | Partition Type: NTFS

Computer Name: MALHOME | User Name: Malcolm2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\desktop\OTL.exe
PRC - [2011/07/19 01:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2009/03/04 13:04:22 | 000,069,632 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 17:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/19 01:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/03/04 13:04:22 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 06:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/02/26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/05 22:02:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/08 15:10:23 | 000,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 12:17:14 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/16 02:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 02:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/28 10:54:28 | 000,972,544 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/04/23 16:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/19 09:15:10 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/02/07 16:23:00 | 000,408,064 | ---- | M] (Philips Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CPWGU.sys -- (CPWGU(Philips)) Philips SNU5600 Wireless USB Adapter 11b/g(Philips)
DRV - [2005/08/29 16:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Malcolm2\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/19 10:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/02 13:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/08/05 16:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/19 10:54:23 | 000,000,000 | ---D | M]

[2010/07/30 20:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm2\Application Data\Mozilla\Extensions
[2009/11/13 16:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/14 18:43:43 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008/01/04 16:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 16:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 20:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 16:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/13 22:52:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O3 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\..\Toolbar\WebBrowser: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O4 - HKLM..\Run: [331BigDog] C:\WINDOWS\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ReSchedHPSU.lnk = C:\HP\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258576919625 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/08 16:55:43 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1085031214-682003330-1801674531-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 22:21:31 | 004,171,607 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\etavaresCF.exe
[2011/08/13 22:20:04 | 000,000,000 | ---D | C] -- C:\etavaresCF4308e
[2011/08/13 17:20:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/13 17:16:24 | 000,000,000 | ---D | C] -- C:\etavaresCF
[2011/08/13 13:19:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\Desktop\OTL.exe
[2011/08/12 22:29:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HijackThis.exe
[2011/08/12 16:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Application Data\PCTools
[2011/08/12 09:31:46 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malcolm2\Desktop\mbam-setup.exe
[2011/08/12 08:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Desktop\gmer
[2011/08/07 09:28:00 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\dds.scr
[2011/08/06 13:09:39 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/06 13:09:34 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/06 13:09:33 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/06 13:09:33 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/06 13:09:32 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/06 13:08:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/06 13:08:28 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/06 13:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 13:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/08/06 12:12:30 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HousecallLauncher.exe
[2011/08/06 09:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Application Data\SUPERAntiSpyware.com
[2011/08/06 09:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/08/06 09:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Start Menu\Programs\SUPERAntiSpyware
[2011/08/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/08/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/06 08:08:45 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/08/06 08:08:45 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/08/06 08:08:44 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/08/05 17:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Threat Expert
[2011/08/05 16:16:32 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/08/05 16:16:31 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/08/05 16:16:31 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/08/05 16:00:43 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/08/05 16:00:43 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/08/05 16:00:42 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/08/05 16:00:37 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/08/05 16:00:37 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/08/05 16:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PC Tools Security
[2011/08/05 16:00:31 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/08/05 16:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/08/05 16:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/05 15:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/08/05 15:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2011/07/29 21:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2007/10/02 04:23:00 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\vm331Rmv.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/14 09:49:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/14 09:30:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/08/14 09:30:22 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/08/14 09:28:17 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/08/14 09:28:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/14 09:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/14 09:27:59 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/14 09:10:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/13 22:52:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/13 22:21:40 | 004,171,607 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\etavaresCF.exe
[2011/08/13 17:03:17 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\unhide.exe
[2011/08/13 13:41:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\Desktop\OTL.exe
[2011/08/13 10:43:37 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 10:31:16 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\Shortcut to iexplore.exe.lnk
[2011/08/12 22:29:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HijackThis.exe
[2011/08/12 14:04:05 | 000,236,041 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\census.cache
[2011/08/12 14:04:04 | 000,224,445 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\ars.cache
[2011/08/12 09:32:39 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 09:31:45 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malcolm2\Desktop\mbam-setup.exe
[2011/08/11 13:59:46 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/08/07 11:44:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2011/08/07 09:44:23 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\gmer.zip
[2011/08/07 09:28:01 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\dds.scr
[2011/08/07 09:26:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\Defogger.exe
[2011/08/07 09:25:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm2\defogger_reenable
[2011/08/06 12:54:01 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 12:44:27 | 000,009,830 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\exefix.reg
[2011/08/06 12:12:30 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HousecallLauncher.exe
[2011/08/05 16:00:36 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2011/08/04 07:42:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 21:35:15 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/29 21:33:14 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/13 17:03:15 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\unhide.exe
[2011/08/13 10:31:16 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\Shortcut to iexplore.exe.lnk
[2011/08/12 09:32:39 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/07 11:38:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2011/08/07 09:44:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\gmer.zip
[2011/08/07 09:26:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\Defogger.exe
[2011/08/07 09:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm2\defogger_reenable
[2011/08/06 13:06:24 | 000,236,041 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\census.cache
[2011/08/06 13:06:05 | 000,224,445 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\ars.cache
[2011/08/06 12:54:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 12:42:24 | 000,009,830 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\exefix.reg
[2011/08/05 16:16:34 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/08/05 16:16:32 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/08/05 16:16:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/08/05 16:16:32 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/08/05 16:16:32 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/08/05 16:00:36 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2011/08/04 19:07:46 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/07/29 21:35:15 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/07/29 21:35:15 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/29 21:33:14 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/07/29 21:22:43 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 21:22:38 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2011/05/15 16:25:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/15 16:25:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/15 16:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/15 16:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/15 16:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 14:13:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/22 14:13:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/25 11:40:42 | 000,065,548 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 16:38:21 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010/05/15 11:15:35 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/05/01 20:12:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/29 20:00:59 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 21:33:48 | 000,000,088 | -HS- | C] () -- C:\WINDOWS\System32\184083C501.sys
[2010/01/21 21:33:47 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/20 19:37:55 | 000,001,382 | ---- | C] () -- C:\WINDOWS\Tablet5500x4000.ini
[2010/01/17 15:08:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/12/26 16:53:31 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2009/12/26 16:52:55 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/11/18 20:10:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/17 12:27:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/17 12:27:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/11/17 12:03:09 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/17 11:05:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 10:58:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/17 10:45:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 10:44:06 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 18:15:32 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009/03/13 13:04:44 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/04 08:01:10 | 000,001,295 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,333,422 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,047,502 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/14 01:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 01:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/24 20:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2002/10/30 04:53:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/07/25 11:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/08/05 13:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MALHOME\Application Data\GlarySoft
[2011/08/05 13:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MALHOME\Application Data\Windows Search
[2007/10/24 18:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/10/24 18:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/06 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2010/04/24 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
[2010/11/08 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/08/06 13:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2009/11/18 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2011/07/09 12:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorEND
[2010/05/17 21:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
[2010/12/19 10:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NokiaInstallerCache
[2010/05/14 15:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OviInstallerCache
[2010/05/14 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2011/06/28 18:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Radialpoint
[2011/07/09 12:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegSERVO
[2011/02/08 21:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
[2011/08/14 09:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/05/03 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Virgin Media
[2010/04/26 20:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VirginMedia
[2010/12/25 09:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/23 22:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\360desktop
[2009/02/25 22:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\ACD Systems
[2009/03/25 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Any Video Converter
[2008/08/21 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Ashampoo
[2009/11/10 16:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\AVGTOOLBAR
[2009/10/01 23:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Camfrog
[2007/11/07 19:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\DataLayer
[2009/11/02 02:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\FrostWire
[2008/08/03 00:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\LimeWire
[2008/01/16 17:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\MAGIX
[2007/12/24 20:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Nokia
[2008/06/30 11:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Nokia Multimedia Player
[2009/01/14 20:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\OfficeUpdate12
[2009/08/14 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\OpenCandy
[2007/11/05 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\PC Suite
[2009/01/05 22:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\SAMSUNG
[2008/04/08 17:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\System Tweaker
[2008/07/06 17:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\TuxPaint
[2008/04/08 16:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Uniblue
[2007/11/07 16:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\WinBatch
[2008/10/27 22:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Windows Desktop Search
[2008/11/06 21:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Patrick.MALHOME\Application Data\Windows Search
[2010/04/24 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\ACD Systems
[2010/05/14 16:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Facebook
[2010/04/25 00:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\FrmMain
[2011/08/06 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\FrostWire
[2010/09/02 20:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\GlarySoft
[2009/11/18 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\InterTrust
[2010/05/17 20:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Nokia
[2010/05/17 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Nokia Ovi Suite
[2011/06/26 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\OpenCandy
[2010/05/14 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\PC Suite
[2011/08/12 16:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\PCTools
[2011/06/26 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Philipp Winterberg
[2010/04/24 23:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\photoposcomtbr
[2010/05/15 11:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Samsung
[2011/05/03 15:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Virgin Media
[2009/11/18 22:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Windows Desktop Search
[2009/11/19 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Windows Search
[2011/08/14 09:28:17 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:430C6D84

< End of report >


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-14 10:18:18
-----------------------------
10:18:18.546 OS Version: Windows 5.1.2600 Service Pack 3
10:18:18.546 Number of processors: 1 586 0x2F02
10:18:18.546 ComputerName: MALHOME UserName:
10:18:18.859 Initialize success
10:18:19.515 AVAST engine defs: 11071801
10:18:52.046 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10
10:18:52.046 Disk 0 Vendor: ST320414A 3.05 Size: 19092MB BusType: 3
10:18:52.046 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1b
10:18:52.062 Disk 1 Vendor: ST380011A 8.11 Size: 76319MB BusType: 3
10:18:54.078 Disk 1 MBR read successfully
10:18:54.078 Disk 1 MBR scan
10:18:54.562 Disk 1 Windows XP default MBR code
10:18:54.578 Disk 1 scanning sectors +156295440
10:18:55.250 Disk 1 scanning C:\WINDOWS\system32\drivers
10:19:13.343 Service scanning
10:19:13.843 Service Tablet2k C:\WINDOWS\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
10:19:14.390 Modules scanning
10:19:29.187 Disk 1 trace - called modules:
10:19:29.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:19:29.703 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x89d8fab8]
10:19:29.703 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x89df4bb8]
10:19:29.703 5 PCTCore.sys[b9ed3099] -> nt!IofCallDriver -> \Device\00000069[0x89d9ae78]
10:19:29.703 7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x89d2b030]
10:19:30.156 AVAST engine scan C:\WINDOWS
10:19:44.593 AVAST engine scan C:\WINDOWS\system32
10:21:16.312 AVAST engine scan C:\WINDOWS\system32\drivers
10:21:27.015 AVAST engine scan C:\Documents and Settings\Malcolm2
10:23:13.234 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
10:24:13.562 Scan finished successfully
10:25:51.671 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Malcolm2\Desktop\MBR.dat"
10:25:51.687 The log file has been saved successfully to "C:\Documents and Settings\Malcolm2\Desktop\aswMBR.txt"

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:59 PM

Posted 14 August 2011 - 06:29 AM

Hello, malln2.

Yes, Combofix removed quite a bit on its own, then the custom script fixed some more. Did you run unhide as instructed before? That should unhide your files automatically.

What antivirus software are you using?

Go ahead and install the Windows updates at this point.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 malln2

malln2
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:59 PM

Posted 14 August 2011 - 09:44 AM

I have no virus software currently due to not being able to download and run it before these posts.

MBAM log no threats found


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7463

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/08/2011 13:03:29
mbam-log-2011-08-14 (13-03-29).txt

Scan type: Quick scan
Objects scanned: 270425
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESET scan result

C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\pC01602OcOeB01602\pC01602OcOeB01602.exe.vir a variant of Win32/Kryptik.REQ trojan
C:\System Volume Information\_restore{5EAD0AF6-B269-460B-9576-4800B7554C28}\RP383\A0074339.exe a variant of Win32/Kryptik.REQ trojan
C:\System Volume Information\_restore{93D8C86B-CBBA-4A12-BC77-31C9748791B4}\RP219\A0063543.dll a variant of Win32/Adware.DoubleD.AE application

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:59 PM

Posted 14 August 2011 - 12:39 PM

OK, it's looking pretty good on my end. Let's get that antivirus installed. Install one of your choice. I personally use Avast, and others recommend Avira AntiVir. There are others as well. Once you have it installed, please run an OTL Quick Scan and post the resulting log here. If you have no complaints and that goes well, we'll clean up in the next post.



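The OTL log requested above reports the shell "open" command for the .exe and .com file classes as O35/O37 lines. On a clean Windows XP machine that command is exactly `"%1" %*`; rogue programs of the kind discussed in this thread replace it so that their own binary is launched before every program, which is why all .exe files stop opening until a fix such as exefix.reg restores the association. The following Python script is an added example for this thread, not code from OTL or from any tool mentioned here. It parses O35/O37 lines and flags any whose command differs from the default; the clean sample lines are taken from the log format shown in the thread, and the hijacked line is constructed for illustration with a placeholder path.

```python
"""Flag hijacked .exe/.com file associations in an OTL log.

Added example for this thread (not part of OTL or any tool the thread
uses).  OTL reports the shell "open" command for exefile/comfile as
O35/O37 lines, for example:

    O35 - HKLM\\..exefile [open] -- "%1" %*
    O37 - HKLM\\...exe [@ = exefile] -- "%1" %*

Any command other than the Windows default "%1" %* means something has
inserted itself in front of every program launch.
"""
import re

# The command Windows installs by default for the exefile/comfile "open" verb.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# O35 - HKLM\..exefile [open] -- "%1" %*
# O37 - HKLM\...exe [@ = exefile] -- "%1" %*
_ASSOC_LINE = re.compile(
    r'^O3[57]\s+-\s+(?P<hive>HK(?:LM|CU))\\\.{2,3}(?P<cls>\S+)\s+'
    r'\[(?P<verb>[^\]]+)\]\s+--\s+(?P<cmd>.*?)\s*$'
)

# Clean association lines, in the format OTL prints them.
CLEAN_OTL_LINES = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed example of a hijacked per-user association: the path is a
# placeholder, not a real sample; it shows the shape of the problem only.
HIJACKED_OTL_LINES = CLEAN_OTL_LINES + (
    r'O35 - HKCU\..exefile [open] -- '
    r'"C:\Documents and Settings\USER\Local Settings\Application Data\PLACEHOLDER-rogue.exe" /START "%1" %*'
    + "\n"
)


def parse_association_lines(log_text):
    """Return (hive, class, verb, command) tuples for every O35/O37 line."""
    entries = []
    for line in log_text.splitlines():
        m = _ASSOC_LINE.match(line.strip())
        if m:
            entries.append((m.group('hive'), m.group('cls'),
                            m.group('verb'), m.group('cmd')))
    return entries


def find_hijacked_associations(log_text):
    """Return the O35/O37 entries whose command is not the Windows default.

    HKCU entries override HKLM for the logged-on user, so a per-user hijack
    is reported even when the machine-wide value is still clean.
    """
    return [entry for entry in parse_association_lines(log_text)
            if entry[3].strip() != DEFAULT_OPEN_COMMAND]


def report(log_text):
    """Human-readable summary; returns the number of suspicious entries."""
    bad = find_hijacked_associations(log_text)
    if not bad:
        print("file associations for .exe/.com look clean")
    for hive, cls, verb, cmd in bad:
        print(f"SUSPICIOUS {hive} {cls} [{verb}] -> {cmd}")
    return len(bad)


if __name__ == "__main__":
    report(CLEAN_OTL_LINES)      # prints "look clean"
    report(HIJACKED_OTL_LINES)   # prints one SUSPICIOUS line
```

Run it against a saved OTL.txt by passing the file contents to `report()`. A non-default command found this way explains the symptom malln2 describes (every .exe refusing to open and the problem returning after reboot), and the value shown is what exefix.reg resets; note that a hijacked HKCU entry wins over a clean HKLM entry for that user, so both hives need to be checked.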

#15 malln2

malln2
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:59 PM

Posted 14 August 2011 - 02:02 PM

I had to uninstall PCTools to get Avast to install; that works well now. However, when I rebooted I got "cannot open ASWregSVR.exe". I then had to run exefix followed by unhide again before I manually started Avast, so I think something is switching off the exes when I power down.
I am also having problems with Internet Explorer: when I try to run it from the desktop it generates a shortcut.


OTL logfile created on: 14/08/2011 19:54:57 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Malcolm2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 71.81% Memory free
3.19 Gb Paging File | 2.73 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 32.96 Gb Free Space | 46.42% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 12.50 Gb Free Space | 67.04% Space Free | Partition Type: NTFS

Computer Name: MALHOME | User Name: Malcolm2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\desktop\OTL.exe
PRC - [2011/07/19 01:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2009/03/04 13:04:22 | 000,069,632 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 17:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\desktop\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/19 01:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/04 12:43:51 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/04 13:04:22 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 12:37:33 | 000,103,384 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:36:18 | 000,194,264 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/04 12:12:07 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/11/25 06:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/02/26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/05 22:02:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/08 15:10:23 | 000,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 12:17:14 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/16 02:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/06/16 02:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/05/28 10:54:28 | 000,972,544 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/04/23 16:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/19 09:15:10 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/02/07 16:23:00 | 000,408,064 | ---- | M] (Philips Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CPWGU.sys -- (CPWGU(Philips)) Philips SNU5600 Wireless USB Adapter 11b/g(Philips)
DRV - [2005/08/29 16:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Malcolm2\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/19 10:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/02 13:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/19 10:54:23 | 000,000,000 | ---D | M]

[2010/07/30 20:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm2\Application Data\Mozilla\Extensions
[2009/11/13 16:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/14 18:43:43 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008/01/04 16:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 16:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 20:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 16:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/13 22:52:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PhotoPos Pro Toolbar) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\Program Files\photoposcomtbr\photoposcomtbr.dll (PhotoPos Pro inc)
O4 - HKLM..\Run: [331BigDog] C:\WINDOWS\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258576919625 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/08 16:55:43 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 19:34:15 | 000,103,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/08/14 19:33:16 | 000,194,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/08/14 19:33:10 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/08/14 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Internet Security
[2011/08/14 19:25:52 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/14 19:25:52 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/14 19:25:50 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/14 19:25:49 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/14 19:25:49 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/14 19:25:49 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/14 19:25:49 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/14 19:25:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/14 19:25:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/14 19:25:28 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/14 13:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/14 12:49:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/14 12:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/14 12:49:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/14 12:48:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/14 12:48:29 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malcolm2\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/14 10:17:46 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Malcolm2\Desktop\aswMBR.exe
[2011/08/13 22:21:31 | 004,171,607 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\etavaresCF.exe
[2011/08/13 22:20:04 | 000,000,000 | ---D | C] -- C:\etavaresCF4308e
[2011/08/13 17:20:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/13 17:16:24 | 000,000,000 | ---D | C] -- C:\etavaresCF
[2011/08/13 13:19:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\Desktop\OTL.exe
[2011/08/12 22:29:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HijackThis.exe
[2011/08/12 16:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Application Data\PCTools
[2011/08/12 08:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Desktop\gmer
[2011/08/07 09:28:00 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\dds.scr
[2011/08/06 13:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 13:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/08/06 12:12:30 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HousecallLauncher.exe
[2011/08/06 09:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Application Data\SUPERAntiSpyware.com
[2011/08/06 09:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2011/08/06 09:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Start Menu\Programs\SUPERAntiSpyware
[2011/08/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/08/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/05 17:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\Threat Expert
[2011/08/05 15:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/08/05 15:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2011/07/29 21:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2007/10/02 04:23:00 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\vm331Rmv.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/14 19:49:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/14 19:36:45 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/08/14 19:36:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/08/14 19:36:27 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/14 19:36:27 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/08/14 19:35:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/14 19:33:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/14 19:31:24 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Internet Security.lnk
[2011/08/14 18:59:30 | 080,899,376 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\setup_ais.exe
[2011/08/14 12:49:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 12:48:28 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malcolm2\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/14 10:25:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\MBR.dat
[2011/08/14 10:17:49 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Malcolm2\Desktop\aswMBR.exe
[2011/08/14 09:27:59 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/14 09:10:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/13 22:52:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/13 22:21:40 | 004,171,607 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\etavaresCF.exe
[2011/08/13 17:03:17 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\unhide.exe
[2011/08/13 13:41:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/13 13:19:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm2\Desktop\OTL.exe
[2011/08/13 10:43:37 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 22:29:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HijackThis.exe
[2011/08/12 14:04:05 | 000,236,041 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\census.cache
[2011/08/12 14:04:04 | 000,224,445 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\ars.cache
[2011/08/11 13:59:46 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/08/07 11:44:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2011/08/07 09:44:23 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\gmer.zip
[2011/08/07 09:28:01 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm2\Desktop\dds.scr
[2011/08/07 09:26:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\Defogger.exe
[2011/08/07 09:25:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm2\defogger_reenable
[2011/08/06 12:54:01 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 12:44:27 | 000,009,830 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Desktop\exefix.reg
[2011/08/06 12:12:30 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Malcolm2\Desktop\HousecallLauncher.exe
[2011/08/04 07:42:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 21:35:15 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Malcolm2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/29 21:33:14 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/14 19:31:24 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Internet Security.lnk
[2011/08/14 18:59:30 | 080,899,376 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\setup_ais.exe
[2011/08/14 12:49:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 10:25:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\MBR.dat
[2011/08/13 17:03:15 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\unhide.exe
[2011/08/07 11:38:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2011/08/07 09:44:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\gmer.zip
[2011/08/07 09:26:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\Defogger.exe
[2011/08/07 09:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm2\defogger_reenable
[2011/08/06 13:06:24 | 000,236,041 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\census.cache
[2011/08/06 13:06:05 | 000,224,445 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\ars.cache
[2011/08/06 12:54:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\housecall.guid.cache
[2011/08/06 12:42:24 | 000,009,830 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Desktop\exefix.reg
[2011/08/04 19:07:46 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-682003330-1801674531-1004.job
[2011/07/29 21:35:15 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2011/07/29 21:35:15 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/29 21:33:14 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/07/29 21:22:43 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 21:22:38 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2011/05/15 16:25:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/15 16:25:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/15 16:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/15 16:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/15 16:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 14:13:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/22 14:13:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/25 11:40:42 | 000,065,548 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 16:38:21 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010/05/15 11:15:35 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/05/01 20:12:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/29 20:00:59 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Malcolm2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 21:33:48 | 000,000,088 | -HS- | C] () -- C:\WINDOWS\System32\184083C501.sys
[2010/01/21 21:33:47 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/20 19:37:55 | 000,001,382 | ---- | C] () -- C:\WINDOWS\Tablet5500x4000.ini
[2010/01/17 15:08:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/12/26 16:53:31 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2009/12/26 16:52:55 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/11/18 20:10:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/17 12:27:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/17 12:27:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/11/17 12:03:09 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/17 11:05:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 10:58:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/17 10:45:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 10:44:06 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 18:15:32 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009/03/13 13:04:44 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/04 08:01:10 | 000,001,295 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,333,422 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,047,502 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/14 01:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 01:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/24 20:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2002/10/30 04:53:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL
[2002/07/25 11:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/08/06 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\!SASCORE
[2010/04/24 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
[2010/11/08 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/08/14 19:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2009/11/18 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2011/07/09 12:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorEND
[2010/05/17 21:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
[2010/12/19 10:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NokiaInstallerCache
[2010/05/14 15:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OviInstallerCache
[2010/05/14 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2011/06/28 18:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Radialpoint
[2011/07/09 12:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegSERVO
[2011/02/08 21:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
[2011/08/14 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/05/03 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Virgin Media
[2010/04/26 20:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VirginMedia
[2010/12/25 09:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 20:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\ACD Systems
[2010/05/14 16:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Facebook
[2010/04/25 00:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\FrmMain
[2011/08/06 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\FrostWire
[2010/09/02 20:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\GlarySoft
[2009/11/18 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\InterTrust
[2010/05/17 20:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Nokia
[2010/05/17 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Nokia Ovi Suite
[2011/06/26 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\OpenCandy
[2010/05/14 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\PC Suite
[2011/08/12 16:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\PCTools
[2011/06/26 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Philipp Winterberg
[2010/04/24 23:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\photoposcomtbr
[2010/05/15 11:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Samsung
[2011/05/03 15:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Virgin Media
[2009/11/18 22:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Windows Desktop Search
[2009/11/19 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm2\Application Data\Windows Search
[2011/08/14 19:36:27 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

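The O35 and O37 entries in the log above are the .exe/.com file associations, which is exactly what Personal Shield Pro broke and what exefix.reg restored: the stock XP "open" command for exefile and comfile is "%1" %*, and .exe/.com should map to the exefile/ComFile filetypes. A rogue-AV exe hijack typically plants a per-user override under HKCU (no admin rights needed, and HKCU\Software\Classes takes precedence over HKLM) or points .exe at a made-up filetype whose open command launches the malware. The following is an added example, not part of this post and not code from OTL: it parses OTL-style O35/O37 lines and flags any handler that deviates from the stock association. The clean sample is copied from this log; the hijacked sample, including the xyz.exe path and the "secfile" filetype, is constructed for illustration. Treat hits as triage leads, since a few legitimate tools also rewrite these commands.

```python
import re
from dataclasses import dataclass

# Stock "open" verb for exefile and comfile on Windows XP: launch the file
# itself and pass the remaining arguments through.
EXPECTED_COMMAND = '"%1" %*'
# Stock extension -> filetype mapping. Rogue installers sometimes point .exe
# at a new filetype (e.g. "secfile") whose open command is the malware.
EXPECTED_FILETYPE = {"exe": "exefile", "com": "comfile"}

# O35 lines: <hive>\..<filetype> [<verb>] -- <command>
# O37 lines: <hive>\...<extension> [@ = <filetype>] -- <command>
_O35 = re.compile(r'^O35 - (HKLM|HKCU)\\\.\.(\w+) \[(\w+)\] -- (.*)$')
_O37 = re.compile(r'^O37 - (HKLM|HKCU)\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$')


@dataclass(frozen=True)
class Handler:
    kind: str      # "O35" or "O37"
    hive: str      # HKLM or HKCU; HKCU\Software\Classes overrides HKLM
    key: str       # filetype for O35, extension for O37
    verb: str      # "open" for O35, mapped filetype for O37
    command: str   # the shell\open\command value OTL printed


def parse_handlers(log_text):
    """Extract the O35/O37 association entries from OTL log text."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O35.match(line)
        if m:
            found.append(Handler("O35", *m.groups()))
            continue
        m = _O37.match(line)
        if m:
            found.append(Handler("O37", *m.groups()))
    return found


def is_suspicious(h):
    """True if the handler does not match the stock XP association."""
    if " ".join(h.command.split()) != EXPECTED_COMMAND:
        return True
    if h.kind == "O37" and EXPECTED_FILETYPE.get(h.key.lower()) != h.verb.lower():
        return True
    return False


def find_hijacked(log_text):
    """Return every O35/O37 handler that deviates from the stock association."""
    return [h for h in parse_handlers(log_text) if is_suspicious(h)]


# Copied from the OTL log in this post: every handler is stock.
CLEAN_LOG = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed sample (not from this machine) of what a rogue-AV exe hijack
# looks like: a per-user override and a bogus filetype, both routing .exe
# launches through a hypothetical dropper path.
HIJACKED_LOG = r"""
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\xyz.exe" -a "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\User\Local Settings\Application Data\xyz.exe" -a "%1" %*
"""

if __name__ == "__main__":
    print("clean log hits:", len(find_hijacked(CLEAN_LOG)))
    for h in find_hijacked(HIJACKED_LOG):
        print(f"{h.kind} {h.hive} {h.key} [{h.verb}] -> {h.command}")
```

Run against the clean lines from this log it reports nothing; against the constructed hijack it flags the HKCU exefile override and the .exe to "secfile" remap. The HKCU entry is the one that matters most in practice, because a user-level hijack survives an HKLM-only .reg fix.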