
Help, Antivirus programs were being terminated, Internet can't connect


  • This topic is locked
25 replies to this topic

#1 TechnoBoob

  • Members

Posted 27 August 2011 - 08:14 PM

Hello friendly helpers, first off, thank you a million times in advance. I've already sunk a lot of hours into trying to rid my computer of this impenetrable brand of electronic evil, and I don't want to fail. You're my last hope before the big reformat. And even then, I've been told a rootkit could still load up.

So, it started with saying I had "worm.blaster" infecting everything and I needed to buy a program to clean it up. No thank you. Then all my antivirus programs were being terminated on load and the permission/access to them changed so I couldn't re-open them. The error message is "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." In safe mode I could reinstall and get some scans running.

Now, it can't connect to the Internet and won't get past the registering my IP Address stage. The Firewall error message is: "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?" Then on clicking Yes: "Windows cannot start the Windows Firewall/Internet Connection Service (ICS)."

Here are my DDS scans and Gmer scan. Let me know what else I can do to help you help me :) Thanks again.

OK, turns out my GMER scan file is too big to post (631 KB). Do you want me to split it into 2 different .txt files?


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Run by Jim at 17:53:31 on 2011-08-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2309 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Security Suite *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\UnHackMe\gwebupdate.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\antivir personaledition classic\avgnt.exe" /min
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jim\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Acrobat Assistant.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\NCProTray.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Sizer.lnk.disabled
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\33jng3cz.default\
FF - plugin: c:\documents and settings\jim\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2011-8-16 14848]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-16 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2011-8-16 32768]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\antivir personaledition classic\sched.exe [2011-8-16 33792]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-8-26 35816]
S2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\antivir personaledition classic\avguard.exe [2011-8-16 191016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-8-27 24416]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-8-26 27192]
.
=============== Created Last 30 ================
.
2011-08-27 20:24:15 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-08-27 02:22:53 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-08-27 02:22:53 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-08-27 02:22:46 2 --shatr- c:\windows\winstart.bat
2011-08-27 02:22:44 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-08-27 02:22:40 -------- d-----w- c:\program files\UnHackMe
2011-08-26 20:41:23 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-08-26 20:41:23 -------- d-----w- c:\program files\SanityCheck
2011-08-26 20:40:22 -------- d-----w- c:\program files\StuxnetRemover
2011-08-26 19:42:54 98816 ----a-w- c:\windows\sed.exe
2011-08-26 19:42:54 518144 ----a-w- c:\windows\SWREG.exe
2011-08-26 19:42:54 256000 ----a-w- c:\windows\PEV.exe
2011-08-26 19:42:54 208896 ----a-w- c:\windows\MBR.exe
2011-08-23 06:46:33 6144 ------w- c:\windows\system32\5.tmp
2011-08-23 06:46:08 6144 ------w- c:\windows\system32\4.tmp
2011-08-23 06:46:00 6144 ------w- c:\windows\system32\3.tmp
2011-08-23 06:09:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 06:09:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 06:09:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 09:29:13 -------- d-----w- c:\documents and settings\jim\application data\GetRightToGo
2011-08-17 21:46:14 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-08-17 21:17:43 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-17 20:48:01 -------- d-----w- c:\documents and settings\jim\local settings\application data\Norman Malware Cleaner
2011-08-17 19:28:22 -------- d-----w- c:\documents and settings\jim\DoctorWeb
2011-08-17 03:04:17 6144 ------w- c:\windows\system32\E.tmp
2011-08-17 03:03:49 6144 ------w- c:\windows\system32\D.tmp
2011-08-17 03:03:40 6144 ------w- c:\windows\system32\C.tmp
2011-08-16 07:51:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-16 07:51:25 -------- d-----w- c:\program files\Lavasoft
2011-08-16 07:36:02 5607 ----a-w- c:\windows\~GLH0000.TMP
2011-08-16 07:36:02 104688 ----a-w- c:\windows\~GLC0000.TMP
2011-08-16 07:16:51 -------- d-----w- c:\documents and settings\all users\application data\AntiVir PersonalEdition Classic
2011-08-16 07:08:10 43408 --sha-w- c:\windows\system32\c_36130.nl_
.
==================== Find3M ====================
.
2011-08-17 21:18:43 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
.
============= FINISH: 17:53:46.18 ===============
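The DDS report above is what the helpers read by eye. As an added example, not part of the original post and not code from DDS or BleepingComputer, the following Python script parses the SERVICES / DRIVERS and Created Last 30 sections and flags the entries a responder would look at first: a service whose image is missing ([x]) or unreadable ([?]), a driver image that is a .tmp file or sits outside system32\drivers and Program Files, and newly created files that are hidden+system, .tmp files in system32, or executables written straight into the Windows root. The sample input is a handful of lines copied from the log above; the line layouts and the attribute-letter meanings (d = directory, s = system, h = hidden) are assumptions about the DDS format. A flag is a prompt for review, not a verdict: several of the flagged paths belong to the cleaning tools the poster had already run.

```python
"""Triage helper for a DDS log (added example; not part of the original post).

Parses the "SERVICES / DRIVERS" and "Created Last 30" sections of a DDS
report and flags entries a responder would look at first.  A flag is a
prompt for manual review, not a malware verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the DDS log above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-16 64512]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-8-26 35816]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
.
=============== Created Last 30 ================
.
2011-08-27 02:22:46 2 --shatr- c:\windows\winstart.bat
2011-08-26 19:42:54 98816 ----a-w- c:\windows\sed.exe
2011-08-23 06:46:33 6144 ------w- c:\windows\system32\5.tmp
2011-08-16 07:51:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-16 07:08:10 43408 --sha-w- c:\windows\system32\c_36130.nl_
.
==================== Find3M ====================
"""

# Layout assumptions about the DDS text format (derived from the log above):
#   section header : "===== Title ====="
#   service line   : "<R|S><start> name;description;image path [date size | ? | x]"
#   created line   : "<date> <time> <size|--------> <8 attribute letters> <path>"
SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
WINDIR_EXE_RE = re.compile(r"c:\\windows\\[^\\]+\.(exe|dll|sys|bat)")


@dataclass
class Finding:
    section: str
    item: str
    reasons: list


def split_sections(text):
    """Group non-empty lines under the section header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("title")
            sections[current] = []
        elif current and line and line != ".":   # DDS prints "." for blank lines
            sections[current].append(line)
    return sections


def triage_service(line):
    """Flag a service/driver entry whose image is missing, unreadable or oddly placed."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    path, meta, reasons = m.group("path").lower(), m.group("meta").strip(), []
    if meta == "x":
        reasons.append("image file not found on disk ([x])")
    elif meta == "?":
        reasons.append("DDS could not read the image's date/size ([?])")
    if path.endswith(".tmp"):
        reasons.append("driver image is a .tmp file")
    if path and "\\drivers\\" not in path and "\\program files\\" not in path:
        reasons.append("image outside system32\\drivers and Program Files")
    return Finding("SERVICES / DRIVERS", m.group("name"), reasons) if reasons else None


def triage_created(line):
    """Flag a recently created file with attributes or a location worth a look."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs, path, reasons = m.group("attrs"), m.group("path"), []
    if attrs.startswith("d"):            # assumption: leading 'd' marks a directory
        return None
    if "s" in attrs and "h" in attrs:    # assumption: 's' = system, 'h' = hidden
        reasons.append("hidden+system attributes set")
    if path.lower().endswith(".tmp") and "\\system32\\" in path.lower():
        reasons.append(".tmp file written into system32")
    if WINDIR_EXE_RE.fullmatch(path.lower()):
        reasons.append("executable written directly into the Windows root")
    return Finding("Created Last 30", path, reasons) if reasons else None


def triage(text):
    """Return the findings for both sections, in log order."""
    sections = split_sections(text)
    findings = [triage_service(l) for l in sections.get("SERVICES / DRIVERS", [])]
    findings += [triage_created(l) for l in sections.get("Created Last 30", [])]
    return [f for f in findings if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.item}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run it against a full DDS report by replacing SAMPLE_DDS with the file contents; the rules are deliberately broad (the MEMSWEEP2 entry, for instance, trips three of them) so that the reviewer, not the script, decides what is a tool remnant and what is not.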


#2 m0le

  • Malware Response Team

Posted 01 September 2011 - 08:12 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 TechnoBoob

  • Topic Starter

Posted 01 September 2011 - 08:18 PM

Hi! Thanks for the help m0le. I'm subscribed to this thread and ready to fix my bleeping computer. Any help appreciated just let me know what I can do.

#4 m0le

  • Malware Response Team

Posted 01 September 2011 - 08:27 PM

There are all the hallmarks of a rootkit here, so let's try and find it.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now run the aswMBR scanning tool

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 TechnoBoob

  • Topic Starter

Posted 01 September 2011 - 08:31 PM

Gotta run for a few hours, when I get back I'll get both those logs for you.

#6 TechnoBoob

  • Topic Starter

Posted 03 September 2011 - 09:55 PM

Logs! Sorry for the delay, hope you can still help me. Here's TDSSKiller first:


2011/09/03 19:49:42.0703 3008 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/03 19:49:42.0750 3008 ================================================================================
2011/09/03 19:49:42.0750 3008 SystemInfo:
2011/09/03 19:49:42.0750 3008
2011/09/03 19:49:42.0750 3008 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/03 19:49:42.0750 3008 Product type: Workstation
2011/09/03 19:49:42.0750 3008 ComputerName: HAL
2011/09/03 19:49:42.0750 3008 UserName: Jim
2011/09/03 19:49:42.0750 3008 Windows directory: C:\WINDOWS
2011/09/03 19:49:42.0750 3008 System windows directory: C:\WINDOWS
2011/09/03 19:49:42.0750 3008 Processor architecture: Intel x86
2011/09/03 19:49:42.0750 3008 Number of processors: 2
2011/09/03 19:49:42.0750 3008 Page size: 0x1000
2011/09/03 19:49:42.0750 3008 Boot type: Normal boot
2011/09/03 19:49:42.0750 3008 ================================================================================
2011/09/03 19:49:43.0187 3008 Initialize success
2011/09/03 19:49:47.0609 2264 ================================================================================
2011/09/03 19:49:47.0609 2264 Scan started
2011/09/03 19:49:47.0609 2264 Mode: Manual;
2011/09/03 19:49:47.0609 2264 ================================================================================
2011/09/03 19:49:47.0921 2264 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/03 19:49:47.0968 2264 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/03 19:49:48.0062 2264 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/03 19:49:48.0390 2264 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/03 19:49:48.0531 2264 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/03 19:49:48.0546 2264 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/03 19:49:48.0734 2264 ati2mtag (e69b295083419e13521f01df76f35db0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/03 19:49:48.0796 2264 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/09/03 19:49:48.0812 2264 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/03 19:49:48.0843 2264 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/03 19:49:48.0890 2264 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/03 19:49:48.0921 2264 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/03 19:49:48.0953 2264 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/03 19:49:49.0000 2264 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/03 19:49:49.0031 2264 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/03 19:49:49.0046 2264 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/03 19:49:49.0093 2264 avgntdd (dbb742f7a678a071761648926a441672) C:\WINDOWS\system32\DRIVERS\avgntdd.sys
2011/09/03 19:49:49.0125 2264 avgntmgr (05edf0e1482625bd6953760a77656673) C:\WINDOWS\system32\drivers\avgntmgr.sys
2011/09/03 19:49:49.0140 2264 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/03 19:49:49.0171 2264 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/03 19:49:49.0281 2264 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/09/03 19:49:49.0343 2264 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/03 19:49:49.0484 2264 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/03 19:49:49.0546 2264 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/03 19:49:49.0578 2264 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/03 19:49:49.0609 2264 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/03 19:49:50.0171 2264 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/09/03 19:49:50.0312 2264 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/03 19:49:50.0375 2264 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/03 19:49:50.0406 2264 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/03 19:49:50.0437 2264 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/03 19:49:50.0484 2264 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/03 19:49:50.0515 2264 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/03 19:49:50.0546 2264 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/03 19:49:50.0578 2264 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/03 19:49:50.0609 2264 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/03 19:49:50.0640 2264 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/03 19:49:50.0656 2264 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/03 19:49:50.0687 2264 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/03 19:49:50.0750 2264 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/03 19:49:50.0765 2264 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/03 19:49:50.0781 2264 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/03 19:49:50.0828 2264 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/03 19:49:50.0921 2264 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/03 19:49:51.0015 2264 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/03 19:49:51.0109 2264 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/03 19:49:51.0156 2264 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/03 19:49:51.0234 2264 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/03 19:49:51.0500 2264 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/03 19:49:51.0531 2264 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/03 19:49:51.0671 2264 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/03 19:49:51.0718 2264 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/03 19:49:51.0765 2264 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/03 19:49:51.0781 2264 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/03 19:49:51.0859 2264 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/03 19:49:51.0906 2264 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/03 19:49:51.0953 2264 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/03 19:49:51.0968 2264 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/03 19:49:52.0031 2264 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/03 19:49:52.0046 2264 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/03 19:49:52.0109 2264 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/09/03 19:49:52.0281 2264 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/09/03 19:49:52.0312 2264 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/03 19:49:52.0343 2264 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/03 19:49:52.0359 2264 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/03 19:49:52.0390 2264 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/03 19:49:52.0406 2264 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/03 19:49:52.0437 2264 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/03 19:49:52.0484 2264 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/03 19:49:52.0515 2264 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/03 19:49:52.0562 2264 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/03 19:49:52.0578 2264 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/03 19:49:52.0593 2264 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/03 19:49:52.0656 2264 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/03 19:49:52.0671 2264 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/03 19:49:52.0703 2264 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/03 19:49:52.0718 2264 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/03 19:49:52.0750 2264 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/03 19:49:52.0765 2264 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/03 19:49:52.0828 2264 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/03 19:49:52.0859 2264 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/03 19:49:53.0031 2264 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/03 19:49:53.0062 2264 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/03 19:49:53.0109 2264 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/03 19:49:53.0250 2264 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/09/03 19:49:53.0406 2264 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/03 19:49:53.0437 2264 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/03 19:49:53.0453 2264 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/03 19:49:53.0484 2264 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/03 19:49:53.0593 2264 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/03 19:49:53.0625 2264 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
2011/09/03 19:49:53.0656 2264 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/03 19:49:53.0687 2264 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/03 19:49:53.0687 2264 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/03 19:49:53.0734 2264 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/03 19:49:53.0750 2264 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/03 19:49:53.0906 2264 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/09/03 19:49:53.0921 2264 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/03 19:49:53.0937 2264 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/03 19:49:53.0968 2264 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/03 19:49:54.0078 2264 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/03 19:49:54.0093 2264 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/03 19:49:54.0125 2264 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/03 19:49:54.0140 2264 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/03 19:49:54.0156 2264 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/03 19:49:54.0171 2264 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/03 19:49:54.0203 2264 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/03 19:49:54.0234 2264 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/03 19:49:54.0265 2264 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/03 19:49:54.0296 2264 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
2011/09/03 19:49:54.0359 2264 rspSanity (bcbf88fabf84f0f76fd7b11df65921fa) C:\WINDOWS\system32\DRIVERS\rspSanity32.sys
2011/09/03 19:49:54.0437 2264 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/03 19:49:54.0453 2264 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/03 19:49:54.0484 2264 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/09/03 19:49:54.0593 2264 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/03 19:49:54.0625 2264 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/03 19:49:54.0718 2264 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/03 19:49:54.0968 2264 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/03 19:49:55.0156 2264 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/03 19:49:55.0203 2264 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/03 19:49:55.0296 2264 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/03 19:49:55.0375 2264 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/03 19:49:55.0437 2264 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/03 19:49:55.0578 2264 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/03 19:49:55.0625 2264 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/03 19:49:55.0656 2264 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/03 19:49:55.0671 2264 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/03 19:49:55.0718 2264 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/03 19:49:55.0781 2264 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/03 19:49:55.0843 2264 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/03 19:49:55.0921 2264 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/03 19:49:55.0937 2264 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/03 19:49:55.0968 2264 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/03 19:49:55.0984 2264 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/03 19:49:56.0062 2264 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/03 19:49:56.0078 2264 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/03 19:49:56.0093 2264 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/03 19:49:56.0125 2264 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/03 19:49:56.0156 2264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/03 19:49:56.0187 2264 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/03 19:49:56.0250 2264 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/09/03 19:49:56.0343 2264 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/03 19:49:56.0453 2264 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/03 19:49:56.0468 2264 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/03 19:49:56.0531 2264 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/03 19:49:56.0781 2264 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR11
2011/09/03 19:49:56.0843 2264 Boot (0x1200) (ba697a59c3f8586cebe9f3a2d9c39c25) \Device\Harddisk0\DR0\Partition0
2011/09/03 19:49:56.0921 2264 Boot (0x1200) (7fea6d135542c4c956a5b033a2603f97) \Device\Harddisk0\DR0\Partition1
2011/09/03 19:49:56.0937 2264 Boot (0x1200) (c39d88293891d194036ef0557baaae2d) \Device\Harddisk5\DR11\Partition0
2011/09/03 19:49:56.0953 2264 ================================================================================
2011/09/03 19:49:56.0953 2264 Scan finished
2011/09/03 19:49:56.0953 2264 ================================================================================
2011/09/03 19:49:56.0984 2248 Detected object count: 0
2011/09/03 19:49:56.0984 2248 Actual detected object count: 0

Here's the aswMBR log:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 19:51:22
-----------------------------
19:51:22.921 OS Version: Windows 5.1.2600 Service Pack 3
19:51:22.921 Number of processors: 2 586 0x407
19:51:22.921 ComputerName: HAL UserName: Jim
19:51:23.531 Initialize success
19:51:39.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:51:39.515 Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
19:51:39.531 Disk 0 MBR read successfully
19:51:39.531 Disk 0 MBR scan
19:51:39.531 Disk 0 Windows XP default MBR code
19:51:39.531 Disk 0 scanning sectors +625121280
19:51:39.609 Disk 0 scanning C:\WINDOWS\system32\drivers
19:51:45.515 Service scanning
19:51:46.578 Modules scanning
19:51:50.390 Disk 0 trace - called modules:
19:51:50.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:51:50.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b9fab8]
19:51:50.406 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89fa2040]
19:51:50.421 Scan finished successfully
19:52:03.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\MBR.dat"
19:52:03.328 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\aswMBR.txt"

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 04 September 2011 - 05:45 AM

That looks okay. Now we need to take a better look at the machine, and we use OTL to do this.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#8 TechnoBoob

TechnoBoob
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 04 September 2011 - 01:28 PM

Okie dokie, here are the two OTL log reports:
OTL.txt:


OTL logfile created on: 9/4/2011 11:14:24 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.05% Memory free
4.84 Gb Paging File | 4.38 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.87 Gb Total Space | 196.82 Gb Free Space | 66.98% Space Free | Partition Type: NTFS
Drive H: | 4.20 Gb Total Space | 1.33 Gb Free Space | 31.54% Space Free | Partition Type: FAT32

Computer Name: HAL | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Jim\Desktop\RRT.exe (Sergiwa - www.sergiwa.com)
PRC - C:\Program Files\UnHackMe\GWebUpdate.exe (Greais Software)
PRC - C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (H+BEDV Datentechnik GmbH)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- File not found
SRV - (MSFtpsvc) -- File not found
SRV - (IISADMIN) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe ()


========== Driver Services (SafeList) ==========

DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (rspSanity) -- C:\WINDOWS\system32\drivers\rspSanity32.sys (Resplendence Software Projects Sp.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (avgntdd) -- C:\WINDOWS\system32\drivers\avgntdd.sys (AVIRA GmbH)
DRV - (avgntmgr) -- C:\WINDOWS\SYSTEM32\drivers\avgntmgr.sys (H+BEDV Datentechnik GmbH)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/04/25 09:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 14:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/29 00:09:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2010/04/25 22:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2010/04/25 22:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/08/16 00:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\33jng3cz.default\extensions
[2010/04/30 23:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\33jng3cz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/14 18:38:16 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\33jng3cz.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011/08/15 21:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\33jng3cz.default\extensions\trash
[2011/08/29 00:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/24 14:36:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/24 22:05:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/04/24 22:05:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/04/24 22:05:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/04/24 22:05:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/04/24 22:05:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/24 22:05:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\33JNG3CZ.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}.XPI
[2011/06/24 14:36:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2010/12/08 17:48:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/08 17:48:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/08 17:48:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/08 17:48:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/04/02 16:56:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/08/28 22:44:34 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (H+BEDV Datentechnik GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RRT-Auto] C:\Documents and Settings\Jim\Desktop\RRT.exe (Sergiwa - www.sergiwa.com)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 18:13:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 11:12:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/09/03 19:45:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/03 19:45:48 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\TDSSKiller.exe
[2011/09/03 19:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\BleepingComp Tools
[2011/09/03 19:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\Loggs
[2011/08/29 02:00:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2011/08/29 02:00:32 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/08/29 02:00:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/08/29 02:00:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/08/29 02:00:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
[2011/08/29 02:00:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/08/29 02:00:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/08/29 02:00:32 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/08/29 02:00:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
[2011/08/29 02:00:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/08/29 02:00:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
[2011/08/29 02:00:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/08/29 02:00:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
[2011/08/29 02:00:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/08/29 02:00:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/08/29 02:00:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
[2011/08/29 01:59:56 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/08/29 01:59:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/08/29 01:59:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/08/29 01:59:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/08/29 01:59:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpctrs2.dll
[2011/08/29 01:59:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/08/29 01:59:55 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/08/29 01:59:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/08/29 01:59:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/08/29 01:59:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/08/29 01:59:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/08/29 01:59:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/08/29 01:59:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/08/29 01:59:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/08/29 01:59:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/08/29 01:59:54 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/08/29 01:59:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/08/29 01:59:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/08/29 01:59:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/08/29 01:59:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/08/29 01:59:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll
[2011/08/29 01:59:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/08/29 01:59:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/08/29 01:59:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
[2011/08/29 01:59:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/08/29 01:59:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll
[2011/08/29 01:59:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/08/29 01:59:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/08/29 01:59:52 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/08/29 01:59:52 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
[2011/08/29 01:59:52 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/08/29 01:59:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
[2011/08/29 01:59:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/08/29 01:59:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2011/08/29 01:59:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/08/29 01:59:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll
[2011/08/29 01:59:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/08/29 01:59:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
[2011/08/29 01:59:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/08/29 01:59:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2011/08/29 01:59:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/08/29 01:59:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/08/29 01:59:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
[2011/08/29 01:59:51 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/08/29 01:59:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
[2011/08/29 01:59:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/08/29 01:59:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/08/29 01:59:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll
[2011/08/29 01:59:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2011/08/29 01:59:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/08/29 01:59:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/08/29 01:59:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/08/29 01:59:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/08/29 01:59:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/08/29 01:58:22 | 000,000,000 | ---D | C] -- C:\Inetpub
[2011/08/29 00:50:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/29 00:08:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2011/08/28 22:49:07 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2011/08/28 22:49:00 | 005,029,888 | ---- | C] (Sergiwa - www.sergiwa.com) -- C:\Documents and Settings\Jim\Desktop\RRT.exe
[2011/08/28 22:44:31 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Jim\Desktop\WinsockxpFix.exe
[2011/08/27 13:30:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\dds.scr
[2011/08/27 13:24:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2011/08/26 19:22:53 | 000,039,192 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2011/08/26 19:22:53 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2011/08/26 19:22:44 | 000,011,040 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2011/08/26 19:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UnHackMe
[2011/08/26 19:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2011/08/26 19:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\RegRun2
[2011/08/26 19:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2011/08/26 19:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\UnHackMe
[2011/08/26 18:55:59 | 000,347,944 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jim\Desktop\MicrosoftFixit-portable.exe
[2011/08/26 13:41:23 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2011/08/26 13:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2011/08/26 13:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StuxnetRemover
[2011/08/26 13:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\StuxnetRemover
[2011/08/26 13:38:46 | 000,777,872 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\Documents and Settings\Jim\Desktop\hookanlz.exe
[2011/08/26 13:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\stux
[2011/08/26 13:38:07 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2011/08/26 12:42:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/26 12:42:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/26 12:42:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/26 12:42:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/26 12:41:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/26 12:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/26 12:39:53 | 004,184,273 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\45454644.exe
[2011/08/22 23:09:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/22 23:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/22 23:09:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/22 23:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/22 23:06:38 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/22 02:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2011/08/22 02:22:44 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Jim\Desktop\spybotsd162.exe
[2011/08/22 02:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2011/08/22 02:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2011/08/22 02:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/08/21 23:03:17 | 000,217,152 | ---- | C] (Kaspersky Lab.) -- C:\Documents and Settings\Jim\Desktop\klantifl.exe
[2011/08/21 23:03:17 | 000,171,344 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\kk.exe
[2011/08/21 23:03:17 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\salitykiller.exe
[2011/08/21 23:03:17 | 000,138,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\virutkiller.exe
[2011/08/21 23:03:17 | 000,123,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\digita_cure.exe
[2011/08/21 23:03:17 | 000,120,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\pmaxkiller.exe
[2011/08/21 23:03:17 | 000,108,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\zbotkiller.exe
[2011/08/21 23:03:17 | 000,100,104 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\kateskiller.exe
[2011/08/21 23:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\Kaspersky Files
[2011/08/17 14:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/17 14:17:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/17 13:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Norman Malware Cleaner
[2011/08/17 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\DoctorWeb
[2011/08/17 12:21:43 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Jim\Desktop\avg_free_stb_all_2011_1390_cnet.exe
[2011/08/17 12:21:32 | 006,394,688 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Jim\Desktop\HitmanPro35.exe
[2011/08/16 00:51:34 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/16 00:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/08/16 00:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/08/16 00:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/08/16 00:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
[2011/08/16 00:16:51 | 000,057,344 | ---- | C] (H+BEDV Datentechnik GmbH) -- C:\WINDOWS\System32\avsda.dll
[2011/08/16 00:16:51 | 000,032,768 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/08/16 00:16:51 | 000,014,848 | ---- | C] (H+BEDV Datentechnik GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/08/16 00:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\AntiVir PersonalEdition Classic
[2011/08/16 00:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Jim\Desktop\*.tmp files -> C:\Documents and Settings\Jim\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 11:11:58 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/09/04 11:09:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-682003330-1003UA.job
[2011/09/04 11:08:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/03 19:52:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2011/09/03 19:38:50 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/03 19:38:50 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/03 19:38:07 | 000,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/29 02:01:15 | 000,489,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/29 02:01:15 | 000,090,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/29 01:38:48 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2011/08/28 22:49:06 | 000,005,036 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/08/28 22:47:16 | 005,029,888 | ---- | M] (Sergiwa - www.sergiwa.com) -- C:\Documents and Settings\Jim\Desktop\RRT.exe
[2011/08/28 22:44:34 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/28 22:41:00 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Jim\Desktop\WinsockxpFix.exe
[2011/08/28 21:09:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-682003330-1003Core.job
[2011/08/27 13:16:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\dds.scr
[2011/08/26 19:22:53 | 000,039,192 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2011/08/26 19:22:53 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2011/08/26 19:22:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/26 19:22:46 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/08/26 19:22:46 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2011/08/26 19:22:44 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\UnHackMe.lnk
[2011/08/26 18:54:36 | 000,347,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jim\Desktop\MicrosoftFixit-portable.exe
[2011/08/26 18:50:38 | 000,948,144 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\setup_542558.exe
[2011/08/26 13:41:23 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\SanityCheck.lnk
[2011/08/26 13:40:23 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Stuxnet Remover.lnk
[2011/08/26 13:35:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2011/08/26 13:30:20 | 000,777,872 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\Documents and Settings\Jim\Desktop\hookanlz.exe
[2011/08/26 13:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/08/26 12:32:40 | 004,184,273 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\45454644.exe
[2011/08/23 00:51:06 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/22 23:09:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 23:04:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jim\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\TDSSKiller.exe
[2011/08/22 02:38:21 | 000,744,853 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\PAVARK.exe
[2011/08/22 02:22:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Jim\Desktop\spybotsd162.exe
[2011/08/21 15:44:30 | 000,123,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\digita_cure.exe
[2011/08/21 15:44:24 | 000,217,152 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Jim\Desktop\klantifl.exe
[2011/08/21 15:44:18 | 000,307,264 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\clrav.com
[2011/08/21 15:44:12 | 000,120,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\pmaxkiller.exe
[2011/08/21 15:44:06 | 000,138,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\virutkiller.exe
[2011/08/21 15:43:58 | 000,100,104 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\kateskiller.exe
[2011/08/21 15:43:54 | 000,108,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\zbotkiller.exe
[2011/08/21 15:43:44 | 000,171,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\salitykiller.exe
[2011/08/21 15:43:10 | 000,171,344 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jim\Desktop\kk.exe
[2011/08/21 12:27:06 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 14:05:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1975307404
[2011/08/17 13:45:23 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_36130.nl_
[2011/08/17 12:05:12 | 006,394,688 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Jim\Desktop\HitmanPro35.exe
[2011/08/17 11:09:46 | 074,879,784 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\ub5u3s5z.exe
[2011/08/17 10:58:44 | 129,975,592 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Norman_Malware_Cleaner.exe
[2011/08/17 10:13:48 | 005,570,000 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Jim\Desktop\avg_free_stb_all_2011_1390_cnet.exe
[2011/08/16 00:51:36 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/16 00:16:54 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2011/08/15 18:43:11 | 128,168,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/11 23:38:34 | 000,193,690 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/09 18:19:58 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Google Chrome.lnk
[2011/08/09 18:19:58 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Jim\Desktop\*.tmp files -> C:\Documents and Settings\Jim\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/03 19:52:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2011/09/03 19:38:50 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/03 19:38:50 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Windows Media Player.lnk
[2011/08/29 02:04:31 | 000,006,717 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\INETIN51.EX_
[2011/08/29 02:00:32 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/08/29 02:00:32 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2011/08/29 02:00:32 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/08/29 02:00:32 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2011/08/29 01:59:56 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/08/29 01:59:56 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.h
[2011/08/29 01:59:54 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/08/29 01:59:54 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2011/08/29 01:59:53 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/08/29 01:59:53 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2011/08/29 01:59:51 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/08/29 01:59:51 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2011/08/29 01:59:50 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/08/29 01:59:50 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/08/29 01:59:50 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/08/29 01:59:50 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/08/29 01:59:49 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/08/29 01:59:49 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/08/29 01:59:49 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/08/29 01:59:49 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/08/29 01:59:49 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/08/29 01:59:49 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/08/29 01:59:49 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/08/29 01:59:49 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/08/29 01:59:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2011/08/29 01:59:49 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/08/29 01:59:48 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/08/29 01:59:48 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2011/08/29 01:59:48 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/08/29 01:59:48 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011/08/29 01:59:48 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2011/08/29 01:59:48 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/08/28 22:49:06 | 000,005,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/08/27 13:30:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\gmer.exe
[2011/08/26 19:22:46 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2011/08/26 19:22:44 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\UnHackMe.lnk
[2011/08/26 18:52:38 | 000,948,144 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\setup_542558.exe
[2011/08/26 13:41:23 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\SanityCheck.lnk
[2011/08/26 13:40:23 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Stuxnet Remover.lnk
[2011/08/26 12:42:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/26 12:42:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/26 12:42:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/26 12:42:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/26 12:42:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/22 23:09:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/21 23:03:17 | 000,307,264 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\clrav.com
[2011/08/17 12:21:39 | 074,879,784 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\ub5u3s5z.exe
[2011/08/17 12:21:39 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\RunClubSanDisk.exe
[2011/08/17 12:21:32 | 129,975,592 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Norman_Malware_Cleaner.exe
[2011/08/16 01:57:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1975307404
[2011/08/16 00:51:41 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/16 00:51:36 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/16 00:16:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2011/08/16 00:08:10 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_36130.nl_
[2011/08/04 00:22:10 | 000,001,518 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\hw750w16jftl13756nft5r2mrmnkc01524d4lc8n0u
[2011/08/04 00:22:10 | 000,001,518 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hw750w16jftl13756nft5r2mrmnkc01524d4lc8n0u
[2011/02/22 00:38:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/12/15 05:00:32 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2010/12/15 05:00:30 | 000,000,190 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2010/12/15 03:39:09 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMANT.DLL
[2010/12/15 03:39:09 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2010/12/15 03:39:09 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2010/11/15 13:45:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/15 01:30:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/11/15 01:30:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/11/15 01:30:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/30 20:26:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2010/04/30 00:43:43 | 000,034,724 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/29 13:17:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/04/25 20:40:45 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 19:36:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2010/04/25 19:36:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
[2010/04/25 19:36:36 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\NIUninstall.exe
[2010/04/25 18:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/25 16:23:16 | 000,058,616 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2010/04/25 15:41:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/25 14:49:00 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/04/25 13:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/25 13:27:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/04/24 21:11:42 | 000,004,096 | -H-- | C] () -- C:\Program Files\._WindowsUpdate
[2010/04/24 21:11:42 | 000,004,096 | -H-- | C] () -- C:\Program Files\._Uninstall Information
[2010/04/24 21:11:42 | 000,004,096 | -H-- | C] () -- C:\Program Files\._InstallShield Installation Information
[2010/04/24 21:11:42 | 000,004,096 | -H-- | C] () -- C:\Program Files\._CanonBJ
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._String Ensemble
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._String Comparison
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._PKP_DLdw.DAT
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._PKP_DLdu.DAT
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._PKP_DLck.DAT
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._PKP_DLbx.DAT
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._Overdrive
[2010/04/24 10:12:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}
[2010/04/24 10:12:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\String Ensemble
[2010/04/24 10:12:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\String Comparison
[2010/04/24 10:12:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/04/24 10:12:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/04/24 10:12:42 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/04/24 10:12:42 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2010/04/24 10:12:42 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Overdrive
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._NetServices
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._Metadata Importer
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._Master
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._KGyGaAvL.sys
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._D85085A296.sys
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._CanonIJSolutionMenu
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._CanonIJMyPrinter
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._CanonIJEPPEX
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._CanonIJEGV
[2010/04/24 10:12:41 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\._CanonBJ
[2010/04/24 10:12:41 | 000,002,516 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/24 10:12:41 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Metadata Importer
[2010/04/24 10:12:41 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\NetServices
[2010/04/24 10:12:41 | 000,000,008 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\D85085A296.sys
[2010/04/23 00:49:39 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/23 00:49:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/04/23 00:49:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/04/23 00:20:09 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat
[2010/04/23 00:14:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 00:09:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/22 16:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/22 16:30:52 | 000,309,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/10 17:38:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/10/10 17:38:28 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/10/10 17:38:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/10/03 12:48:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/09/29 12:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/09/23 11:58:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008/08/14 09:42:20 | 000,197,654 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,489,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,090,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/04/24 12:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/08/16 02:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2011/08/17 13:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/04/25 15:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2011/01/25 14:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/15 00:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/04/25 15:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/08/17 14:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/25 15:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Importer
[2010/04/25 15:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jazz
[2011/03/04 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/24 12:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/04/23 08:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2010/04/24 12:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/04/25 16:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/04/24 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/24 12:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/04/24 12:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskManager
[2011/02/12 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/25 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/04/24 12:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/25 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2010/04/25 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/25 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zoom Player
[2010/04/24 12:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 12:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/24 12:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/25 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}
[2010/04/25 20:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ACD Systems
[2011/01/25 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG
[2011/01/25 15:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG10
[2011/08/16 00:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\BitTorrent
[2010/04/25 17:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/11/15 01:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\DAEMON Tools Lite
[2011/08/22 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2010/05/02 18:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\MxBoost
[2010/04/29 14:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Nik Software
[2010/04/29 13:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\NIKON
[2011/05/05 12:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\OpenOffice.org
[2011/02/13 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Safer Networking
[2010/12/23 23:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ScummVM
[2010/04/25 16:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Stardock
[2010/04/25 18:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Thunderbird
[2010/11/14 18:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Tific
[2011/05/27 15:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\uPlayer
[2010/04/23 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Desktop Search
[2010/04/25 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Search
[2011/08/23 00:51:06 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Jim\Desktop\PAVARK.exe:License
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Extras.txt:


OTL Extras logfile created on: 9/4/2011 11:14:24 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.05% Memory free
4.84 Gb Paging File | 4.38 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.87 Gb Total Space | 196.82 Gb Free Space | 66.98% Space Free | Partition Type: NTFS
Drive H: | 4.20 Gb Total Space | 1.33 Gb Free Space | 31.54% Space Free | Partition Type: FAT32

Computer Name: HAL | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Max2.Association.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{02FB40EA-C8AC-36F7-A546-B083E00AF3AA}" = Catalyst Control Center Core Implementation
"{052B4734-CD9B-468F-B25D-D1E136B2C95A}" = Ad-Aware
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9500_II_series" = Canon Pro9500 II series Printer Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C26CB-6D52-458C-A87F-1EE77F9625C6}" = Intel® PRO Network Connections
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4445BFF0-008A-8F5C-9D68-B0164F7E26FF}" = ccc-core-static
"{4D89AFAD-669B-514A-E150-7DA3208477DC}" = ccc-utility
"{4E47B686-8DFF-1AAD-3264-A537E2FC3833}" = Catalyst Control Center Graphics Previews Common
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7764393A-A48B-6BB2-28BC-A6B4EF3A95BC}" = Catalyst Control Center Graphics Full Existing
"{825DFF04-8FB0-3430-CB22-8725719B1A01}" = Catalyst Control Center Graphics Light
"{84430565-C205-B818-7D13-052F88707F70}" = CCC Help English
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D99667FF-4A9B-B278-9014-BEA2896F413F}" = ccc-core-preinstall
"{DBD86EB8-8536-DB02-EC42-31ED143497A8}" = Catalyst Control Center HydraVision Full
"{E9F882ED-C2B8-2716-0330-7FBA5C9C455B}" = Catalyst Control Center Graphics Full New
"{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}" = ACDSee 7.0
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OUTLOOKR" = Microsoft Office Outlook 2007
"PokerStars" = PokerStars
"SanityCheck_is1" = SanityCheck 2.01
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"StuxnetRemover_is1" = StuxnetRemover
"UnHackMe_is1" = UnHackMe 5.99 release
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WET7Cable" = Windows Easy Transfer for Windows 7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2011 10:38:03 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/3/2011 10:38:03 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/3/2011 10:38:03 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/3/2011 10:38:03 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/3/2011 10:38:07 PM | Computer Name = HAL | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072742.

Error - 9/4/2011 2:08:10 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/4/2011 2:08:10 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/4/2011 2:08:11 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/4/2011 2:08:11 PM | Computer Name = HAL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/4/2011 2:08:14 PM | Computer Name = HAL | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072742.

[ Media Center Events ]
Error - 5/20/2010 6:31:04 PM | Computer Name = HAL | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 5/20/2010 3:31:04 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD service which
failed to start because of the following error: %%31

Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%2

Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10050

Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7024
Description = The Media Center Extender Service service terminated with service-specific
error 2147549183 (0x8000FFFF).

Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952450

Error - 9/4/2011 2:08:20 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Imapi PxHelp20 sptd

Error - 9/4/2011 2:08:20 PM | Computer Name = HAL | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service IISADMIN with
arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

Error - 9/4/2011 2:08:20 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7000
Description = The IIS Admin service failed to start due to the following error:
%%2

Error - 9/4/2011 2:09:02 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7000
Description = The AFD service failed to start due to the following error: %%2

Error - 9/4/2011 2:09:02 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%2


< End of report >
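
The event-log section of that OTL report reads better as a dependency graph than as ten separate errors. The following is an added example (my own code, not part of OTL or of this thread) that parses records in the exact layout shown above, re-joins the Description lines OTL wrapped, decodes the `%%N` placeholders as Win32 error codes, and separates the driver or service that genuinely failed to start from the services that only failed because they depend on it. The sample records are copied from the dump above and embedded inline so the script runs without the original file; the event-ID meanings (7000/7001/7023/7026) and error names are standard Windows values.

```python
import re
from collections import defaultdict

# Records copied from the OTL "Last 10 Event Log Errors" dump above, embedded
# inline (constructed sample) so the script runs offline.
SAMPLE_LOG = """
Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD service which
failed to start because of the following error: %%31

Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10050

Error - 9/4/2011 2:08:15 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952450

Error - 9/4/2011 2:08:20 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Imapi PxHelp20 sptd

Error - 9/4/2011 2:09:02 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7000
Description = The AFD service failed to start due to the following error: %%2

Error - 9/4/2011 2:09:02 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%2
"""

# The %%N placeholders are raw Win32 error codes; these are the ones in this log.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND: the driver or service binary is missing",
    31: "ERROR_GEN_FAILURE: a device attached to the system is not functioning",
    10050: "WSAENETDOWN: Winsock reports the network is down",
}

HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$"
)


def parse_records(text):
    """Split the dump into records and re-join the Description lines OTL wrapped."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines()]
        m = HEADER_RE.match(lines[0])
        if not m:
            continue
        desc = " ".join(lines[1:]).replace("Description = ", "", 1)
        records.append({"ts": m["ts"], "source": m["src"], "id": int(m["id"]), "desc": desc})
    return records


def decode_error(code):
    """Name a %%N code; 0x8007xxxx values are HRESULT_FROM_WIN32 wrappers of a Win32 code."""
    if code & 0xFFFF0000 == 0x80070000:
        win32 = code & 0xFFFF
        return f"HRESULT 0x{code:08X} = HRESULT_FROM_WIN32({win32}) -> {WIN32_ERRORS.get(win32, 'unknown')}"
    return f"{code} -> {WIN32_ERRORS.get(code, 'unknown')}"


def analyse(records):
    """Separate root failures (7000/7026) from the dependent failures they cause (7001)."""
    failed_drivers = set()          # 7026: boot/system-start drivers that did not load
    failed_services = {}            # 7000: service -> decoded error
    terminated = {}                 # 7023: running service that died -> decoded error
    dependents = defaultdict(list)  # 7001: failed dependency -> services that need it
    for r in records:
        if r["source"] != "Service Control Manager":
            continue
        d, eid = r["desc"], r["id"]
        if eid == 7026:
            m = re.search(r"failed to load:\s*(.+)$", d)
            if m:
                failed_drivers.update(m.group(1).split())
        elif eid == 7000:
            m = re.search(r"The (.+?) service failed to start due to the following error:\s*%%(\d+)", d)
            if m:
                failed_services[m.group(1)] = decode_error(int(m.group(2)))
        elif eid == 7023:
            m = re.search(r"The (.+?) service terminated with the following error:\s*%%(\d+)", d)
            if m:
                terminated[m.group(1)] = decode_error(int(m.group(2)))
        elif eid == 7001:
            m = re.search(r"The (.+?) service depends on the (.+?) service\s+which failed to start "
                          r"because of the following error:\s*%%(\d+)", d)
            if m:
                dependents[m.group(2)].append(m.group(1))
    return {"failed_drivers": sorted(failed_drivers), "failed_services": failed_services,
            "terminated": terminated, "dependents": dict(dependents)}


def root_causes(summary):
    """Dependencies named in 7001 events that are themselves a failed driver or service."""
    roots = set(summary["failed_drivers"]) | set(summary["failed_services"])
    return sorted(dep for dep in summary["dependents"] if dep in roots)


if __name__ == "__main__":
    s = analyse(parse_records(SAMPLE_LOG))
    for dep in root_causes(s):
        print(f"{dep}: {s['failed_services'].get(dep, 'driver failed to load')}; blocks {s['dependents'][dep]}")
    for svc, err in s["terminated"].items():
        print(f"{svc} terminated: {err}")
```

On these six records it reports AFD as the only root failure (listed among the drivers that failed to load, then failing to start with error 2, file not found), with Simple TCP/IP Services and NLA blocked behind it, while the Firewall/ICS and Automatic Updates services die with WSAENETDOWN (Automatic Updates logs it wrapped as HRESULT 0x80072742, the same code the Media Center Extender errors show). That matches the symptom in the thread: nothing above Winsock can come up until AFD loads.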

#9 m0le (Malware Response Team, London, UK)

Posted 04 September 2011 - 05:14 PM

There are scraps of malware in the log, but I can see that you have also been running a number of tools, including Combofix. This means that I am missing quite a lot of info which will help me.

If you have Combofix still installed, please find the log:

Please go to Start > Run > and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.


Can you also tell me at what stage you lost the internet and what happened to stop the connection.
m0le is a proud member of UNITE

#10 TechnoBoob (Topic Starter)

Posted 05 September 2011 - 02:41 PM

I've thrown just about every program I can find at the infestation on my computer, like a blind man throwing darts hoping something would work. Dr. Web alone found like 30 trojans and everything seems to find something new. I didn't know about this board in time unfortunately.

So I lost Internet as soon as the virus appeared with that "worm.blaster" nonsense, the beginning of the infection. After I made a little headway and could use the comp again, the Internet wouldn't connect. Most of the time I had it physically disconnected while running programs in safe mode. Even safe mode with networking wouldn't work. Now it just stops at the "Renewing your IP Address" stage.

Here's the ComboFix quarantine file:


2022-04-03 08:02:24 . 2011-08-15 18:35:42 25,600 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@80000000.vir
2022-04-02 06:30:50 . 2011-08-15 08:12:22 33,280 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@800000c0.vir
2022-04-02 06:30:45 . 2011-08-15 08:12:40 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@000000cf.vir
2022-03-29 03:32:16 . 2011-08-15 08:12:21 41,360 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@00000001.vir
2022-03-27 23:41:24 . 2011-08-15 08:12:20 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@000000cb.vir
2022-03-27 23:41:24 . 2011-08-15 08:12:40 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@800000cb.vir
2022-03-27 23:41:24 . 2011-08-15 08:12:40 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@800000cf.vir
2022-03-26 00:03:45 . 2011-08-15 08:12:20 2,560 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\U\@000000c0.vir
2011-08-26 20:07:40 . 2011-08-26 20:07:40 418 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Simtowerv1.0.reg.dat
2011-08-26 20:07:40 . 2011-08-26 20:07:40 410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-SimAntv1.0.reg.dat
2011-08-26 20:07:30 . 2011-08-26 20:07:30 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-62250755.sys.reg.dat
2011-08-26 20:07:29 . 2011-08-26 20:07:29 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-14100671.sys.reg.dat
2011-08-26 20:07:29 . 2011-08-26 20:07:29 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-12129259.sys.reg.dat
2011-08-26 20:02:22 . 2004-09-13 19:15:24 53 ----a-w- C:\Qoobox\Quarantine\H\Autorun.inf.vir
2011-08-26 20:00:14 . 2011-08-26 20:00:14 115,217 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_flcss_.exe.zip
2011-08-26 20:00:13 . 2011-08-26 20:00:13 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_bride_.exe.zip
2011-08-26 20:00:12 . 2011-08-26 20:00:12 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_aavar_.pif.zip
2011-08-26 20:00:12 . 2011-08-26 20:00:12 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_srv32_.exe.zip
2011-08-26 20:00:11 . 2011-08-26 20:00:11 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_scrsvr_.exe.zip
2011-08-26 20:00:11 . 2011-08-26 20:00:11 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_marco!_.scr.zip
2011-08-26 20:00:10 . 2011-08-26 20:00:10 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_instit_.bat.zip
2011-08-26 20:00:09 . 2011-08-26 20:00:09 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_brasil_.pif.zip
2011-08-26 20:00:09 . 2011-08-26 20:00:09 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_brasil_.exe.zip
2011-08-26 20:00:08 . 2011-08-26 20:00:08 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\_alevir_.exe.zip
2011-08-26 19:59:32 . 2011-08-26 19:59:32 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\_3824069804_.zip
2011-08-26 19:59:25 . 2011-08-26 19:59:25 1,180 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_uixpyqoycabf.reg.dat
2011-08-26 19:59:25 . 2011-08-26 19:59:25 1,180 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_thgkrkexkuap.reg.dat
2011-08-26 19:59:25 . 2011-08-26 19:59:25 1,180 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pgqwsmlnghmp.reg.dat
2011-08-26 19:59:25 . 2011-08-26 19:59:25 838 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_uixpyqoycabf.reg.dat
2011-08-26 19:59:25 . 2011-08-26 19:59:25 838 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_thgkrkexkuap.reg.dat
2011-08-26 19:59:25 . 2011-08-26 19:59:25 838 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_pgqwsmlnghmp.reg.dat
2011-08-26 19:58:28 . 2011-08-26 19:58:28 3,896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_KLAntiFL.reg.dat
2011-08-26 19:58:28 . 2011-08-26 19:58:28 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_KLANTIFL.reg.dat
2011-08-26 19:58:18 . 2011-08-29 07:46:43 6,663 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-26 19:41:08 . 2011-08-29 07:40:07 4,978 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-08-22 09:38:26 . 2011-08-22 09:38:17 8,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pgqwsmlnghmp.sys.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\alevir.exe.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\srv32.exe.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\instit.bat.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\brasil.exe.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\brasil.pif.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\marco!.scr.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\scrsvr.exe.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\aavar.pif.vir
2011-08-22 09:20:02 . 2011-08-26 19:49:14 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bride.exe.vir
2011-08-22 09:20:02 . 2011-08-26 19:59:40 135,232 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\flcss.exe.vir
2011-08-22 06:10:56 . 2011-08-22 06:10:56 135,232 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\flcss.bkp.vir
2011-08-22 06:10:56 . 2011-08-22 06:10:56 12,714 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\flcss.sys.vir
2011-08-17 21:28:48 . 2011-08-17 21:27:06 8,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\uixpyqoycabf.sys.vir
2011-08-17 21:21:32 . 2011-08-17 21:21:25 8,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\thgkrkexkuap.sys.vir
2011-08-15 08:16:11 . 2011-08-15 08:16:11 2,144 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\click.tlb.vir
2011-08-15 08:16:10 . 2011-08-17 20:48:55 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\loader.tlb.vir
2011-08-15 08:08:08 . 2011-08-17 20:45:24 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}.vir
2011-08-15 08:08:08 . 2011-08-17 20:45:24 75,264 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB53062$\2362227829\L\nelybswr.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:26 1,518 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Templates\hw750w16jftl13756nft5r2mrmnkc01524d4lc8n0u.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Templates\umkm.exe.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\qebn.exe.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Templates\vrpq.exe.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\uxbg.exe.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Templates\nwqk.exe.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\osyt.exe.vir
2011-08-04 07:22:10 . 2011-08-04 07:22:10 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Templates\rriw.exe.vir
2011-08-04 07:22:09 . 2011-08-04 07:22:09 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jim\Local Settings\Application Data\rbgs.exe.vir
2011-02-12 08:32:35 . 2010-04-23 15:38:16 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.HAL\Local Settings\Temporary Internet Files\._Content.IE5.vir
2011-02-12 08:32:35 . 2010-04-23 15:38:16 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.HAL\Local Settings\Temporary Internet Files\._desktop.ini.vir
2010-04-26 02:35:07 . 2010-04-26 02:35:07 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\winhelp.ini.vir
2010-04-25 21:46:10 . 2010-04-23 15:38:16 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Temporary Internet Files\._Content.IE5.vir
2010-04-25 21:46:10 . 2010-04-23 15:38:16 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Temporary Internet Files\._desktop.ini.vir
2010-04-24 17:40:21 . 2010-01-04 06:41:16 487,424 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.HAL\Desktop\Setup.exe.vir
2010-04-24 17:39:39 . 2010-04-23 15:56:58 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.HAL\Cookies\._index.dat.vir
2010-04-24 17:35:21 . 2009-01-18 06:15:42 1,906 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.HAL\Application Data\MiniDm\history.dat.vir
2010-04-24 17:35:21 . 2009-01-18 06:15:42 457 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.HAL\Application Data\MiniDm\conf.ini.vir
2010-04-24 17:34:37 . 2010-04-21 19:13:32 317 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.HAL\Application Data\EurekaLog\EurekaLog.ini.vir
2010-04-24 17:24:33 . 2009-03-02 03:53:18 87,608 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner.HAL\Application Data\inst.exe.vir
2010-04-24 17:23:56 . 2010-04-23 15:39:18 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\._desktop.ini.vir
2010-04-24 17:23:56 . 2010-04-23 15:39:18 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\._Content.IE5.vir
2010-04-24 17:23:52 . 2010-04-23 15:38:38 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\._desktop.ini.vir
2010-04-24 17:23:52 . 2010-04-23 15:38:38 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\._Content.IE5.vir
2010-04-24 17:12:41 . 2009-07-18 08:04:16 268 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\master.vir
2010-04-24 17:12:38 . 2010-04-23 15:11:44 4,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\._desktop.ini.vir

#11 m0le (Malware Response Team, London, UK)

Posted 05 September 2011 - 08:25 PM

Okay, we do need to update Combofix and rerun it at this stage.

The loss of the internet is usually caused by what is called an LSP being removed from a chain. Malware adds these in, and when they are removed it breaks the chain and you lose your connection. This can be fixed by using winsockxp, but I see you have already tried this, which means that either this is not the cause or there is still infection in your machine.


Please delete your copy of Combofix and download and run as shown below

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
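
An added example (my own code, not m0le's procedure and not part of winsockxp or ComboFix) of the check behind the LSP explanation in the post above: parse a `netsh winsock show catalog` dump and flag any layered chain that references a catalog ID which no longer exists, or any provider whose DLL is no longer on disk. The sample dump is constructed to match the layout of that command on XP SP2 and later as I recall it, with a made-up LSP name, GUID and path; `file_exists` is injected so the same code can be run offline against a dump saved on another machine.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog`. Entry 1033 is a
# layered chain that still points at LSP catalog ID 1032, which is no longer present:
# the "broken chain" described in the post. The LSP name, GUID and path are made up.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Address Family:                     2
Max Address Length:                 16
Min Address Length:                 16
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        example_lsp over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {11111111-2222-3333-4444-555555555555}
Provider Path:                      C:\WINDOWS\system32\example_lsp.dll
Catalog Entry ID:                   1033
Version:                            2
Address Family:                     2
Max Address Length:                 16
Min Address Length:                 16
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              2
Protocol Chain:                     1032 : 1001
"""

# "Key:   value" lines; the key is letters/spaces only so paths like C:\... keep their colon.
FIELD_RE = re.compile(r"^([A-Za-z ]+?):\s+(.*)$")


def parse_catalog(text):
    """Turn the netsh dump into a list of dicts, one per catalog entry."""
    entries = []
    for block in text.split("Winsock Catalog Provider Entry")[1:]:
        fields = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line.strip())
            if m:
                fields[m.group(1)] = m.group(2).strip()
        if "Catalog Entry ID" not in fields:
            continue
        chain = fields.get("Protocol Chain", "")
        entries.append({
            "id": int(fields["Catalog Entry ID"]),
            "type": fields.get("Entry Type", ""),
            "desc": fields.get("Description", ""),
            "path": fields.get("Provider Path", ""),
            # a chain entry lists the LSP IDs it passes through, ending in a base provider
            "chain": [int(x) for x in chain.split(":") if x.strip()],
        })
    return entries


def check_catalog(entries, file_exists):
    """Report chains that reference missing catalog IDs and providers whose DLL is gone.
    file_exists(path) -> bool is injected so the check can run against a saved dump."""
    known = {e["id"] for e in entries}
    findings = []
    for e in entries:
        for hop in e["chain"]:
            if hop not in known:
                findings.append(f"entry {e['id']} ({e['desc']}) chains through catalog ID {hop}, "
                                f"which is not in the catalog")
        if e["path"] and not file_exists(e["path"]):
            findings.append(f"entry {e['id']} ({e['desc']}) points at {e['path']}, which does not exist")
    return findings


if __name__ == "__main__":
    # Offline stand-in for the filesystem: pretend only mswsock.dll is still on disk.
    on_disk = lambda p: p.lower().endswith("mswsock.dll")
    for finding in check_catalog(parse_catalog(SAMPLE_CATALOG), on_disk):
        print(finding)
```

On the machine itself you would save `netsh winsock show catalog > catalog.txt` and call `check_catalog(parse_catalog(open("catalog.txt").read()), lambda p: os.path.exists(os.path.expandvars(p)))`. A broken chain is what `netsh winsock reset` (or winsockxp) rebuilds. One caveat from the log posted earlier in this thread: the System event log shows AFD itself failing to load with error 2 (file not found), and afd.sys is the kernel driver that every Winsock provider sits on top of, so rebuilding the catalog cannot bring the connection back while that driver is missing.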

#12 TechnoBoob (Topic Starter)

Posted 05 September 2011 - 09:02 PM

From comfix (ComboFix) it says I don't have the "Microsoft Windows recovery console" installed, and because I can't get on the Internet I ran the scan without it. If it's possible to get this another way and you want me to use it, let me know. I'm transferring everything right now from a laptop to the infected computer. Here's the log file:

ComboFix 11-09-05.05 - Jim 09/05/2011 18:49:09.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2507 [GMT -7:00]
Running from: c:\documents and settings\Jim\Desktop\comfix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Security Suite *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17d07ae.ini
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.2179782a.ini
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.81b697dd.ini
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b84f5a9f.ini
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator.HAL\Local Settings\Application Data\ApplicationHistory\SL99.tmp.30493629.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17d07ae.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.2179782a.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.81b697dd.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b84f5a9f.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL99.tmp.30493629.ini
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.65079473.ini
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory\SL92.tmp.e86ddc3f.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17d07ae.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.2179782a.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.81b697dd.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b84f5a9f.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Local Settings\Application Data\ApplicationHistory\SL99.tmp.30493629.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\MBKInstaller.exe.7de71b57.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17d07ae.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.2179782a.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.81b697dd.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b84f5a9f.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Owner.HAL\Local Settings\Application Data\ApplicationHistory\SL99.tmp.30493629.ini
c:\windows\kb913800.exe
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-08-29 08:59 . 2001-08-23 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-08-29 08:58 . 2011-08-29 09:00 -------- d-----w- C:\Inetpub
2011-08-29 05:49 . 2011-08-29 05:49 -------- d-----w- C:\RRTVAULT
2011-08-27 20:24 . 2011-08-29 08:38 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-08-27 02:22 . 2011-08-27 02:22 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-08-27 02:22 . 2011-08-27 02:22 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-08-27 02:22 . 2011-08-27 02:22 2 --shatr- c:\windows\winstart.bat
2011-08-27 02:22 . 2011-07-27 20:59 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-08-27 02:22 . 2011-08-27 02:22 -------- d-----w- c:\program files\UnHackMe
2011-08-26 20:41 . 2011-08-26 20:41 -------- d-----w- c:\program files\SanityCheck
2011-08-26 20:41 . 2010-08-24 00:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-08-26 20:40 . 2011-08-26 20:40 -------- d-----w- c:\program files\StuxnetRemover
2011-08-23 06:46 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\5.tmp
2011-08-23 06:46 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\4.tmp
2011-08-23 06:46 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\3.tmp
2011-08-23 06:09 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 06:09 . 2011-08-23 06:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 06:09 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 09:29 . 2011-08-22 09:29 -------- d-----w- c:\documents and settings\Jim\Application Data\GetRightToGo
2011-08-22 09:20 . 2011-08-22 09:20 -------- d-----w- c:\program files\microsoft frontpage
2011-08-17 21:46 . 2011-08-17 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-08-17 21:17 . 2011-08-17 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
2011-08-17 20:48 . 2011-08-17 20:48 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Norman Malware Cleaner
2011-08-17 19:28 . 2011-08-22 03:32 -------- d-----w- c:\documents and settings\Jim\DoctorWeb
2011-08-17 04:13 . 2011-08-17 04:13 -------- d-----w- c:\documents and settings\Administrator.HAL\Pavark
2011-08-17 03:04 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\E.tmp
2011-08-17 03:03 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\D.tmp
2011-08-17 03:03 . 2010-05-26 18:39 6144 ------w- c:\windows\system32\C.tmp
2011-08-16 07:51 . 2011-07-21 21:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-16 07:51 . 2011-08-16 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-08-16 07:51 . 2011-08-16 07:51 -------- d-----w- c:\program files\Lavasoft
2011-08-16 07:36 . 2011-08-16 07:36 5607 ----a-w- c:\windows\~GLH0000.TMP
2011-08-16 07:36 . 2011-08-16 07:36 104688 ----a-w- c:\windows\~GLC0000.TMP
2011-08-16 07:16 . 2011-08-16 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2011-08-16 07:16 . 2006-02-24 00:17 32768 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-16 07:16 . 2005-07-04 18:58 14848 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-16 07:11 . 2011-08-16 07:11 -------- d-----w- c:\documents and settings\Administrator.HAL\Application Data\Windows Search
2011-08-16 07:08 . 2011-08-17 20:45 43408 --sha-w- c:\windows\system32\c_36130.nl_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 21:18 . 2004-08-10 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-06-24 21:36 . 2011-05-03 18:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-26_20.02.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 08:14 . 2008-04-14 00:12 39936 c:\windows\system32\wbem\snmpthrd.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 10240 c:\windows\system32\wbem\snmpstup.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 15872 c:\windows\system32\wbem\snmp\smierrsm.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 33280 c:\windows\system32\snmp.exe
+ 2011-08-29 09:00 . 2001-08-18 05:36 12288 c:\windows\system32\smtpctrs.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 18944 c:\windows\system32\simptcp.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 23040 c:\windows\system32\regtrace.exe
+ 2004-08-10 11:00 . 2011-08-29 09:01 90162 c:\windows\system32\perfc009.dat
+ 2010-04-23 08:14 . 2008-04-14 00:11 33792 c:\windows\system32\lmmib2.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 35328 c:\windows\system32\iprip.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 13312 c:\windows\system32\infoadmn.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 53248 c:\windows\system32\inetsrv\wamreg.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 76800 c:\windows\system32\inetsrv\wam.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 73728 c:\windows\system32\inetsrv\w3ext.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 33792 c:\windows\system32\inetsrv\tools.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 46592 c:\windows\system32\inetsrv\svcext.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 16896 c:\windows\system32\inetsrv\status.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 46592 c:\windows\system32\inetsrv\sspifilt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 45056 c:\windows\system32\inetsrv\ssinc.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 26112 c:\windows\system32\inetsrv\seos.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 57856 c:\windows\system32\inetsrv\scripto.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 20992 c:\windows\system32\inetsrv\PermChk.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 31744 c:\windows\system32\inetsrv\PageCnt.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 38912 c:\windows\system32\inetsrv\ntfsdrv.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 44544 c:\windows\system32\inetsrv\nsepm.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 53248 c:\windows\system32\inetsrv\NEXTLINK.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 85504 c:\windows\system32\inetsrv\metadata.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 26624 c:\windows\system32\inetsrv\mdsync.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 37888 c:\windows\system32\inetsrv\md5filt.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 65536 c:\windows\system32\inetsrv\mailmsg.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 13312 c:\windows\system32\inetsrv\lonsint.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 22016 c:\windows\system32\inetsrv\logscrpt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 26624 c:\windows\system32\inetsrv\iscomlog.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 68608 c:\windows\system32\inetsrv\isatq.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 30720 c:\windows\system32\inetsrv\iisrstas.exe
+ 2010-04-23 08:14 . 2008-04-14 00:11 79872 c:\windows\system32\inetsrv\iislog.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 19456 c:\windows\system32\inetsrv\iiscrmap.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 60928 c:\windows\system32\inetsrv\iisclex4.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 25088 c:\windows\system32\inetsrv\iisadmin.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 61440 c:\windows\system32\inetsrv\httpodbc.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 32256 c:\windows\system32\inetsrv\gzip.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 42496 c:\windows\system32\inetsrv\davcdata.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 20480 c:\windows\system32\inetsrv\counters.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 33792 c:\windows\system32\inetsrv\ContRot.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 24064 c:\windows\system32\inetsrv\compfilt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 46592 c:\windows\system32\inetsrv\coadmin.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 45568 c:\windows\system32\inetsrv\browscap.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 29184 c:\windows\system32\inetsrv\asptxn.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 45056 c:\windows\system32\inetsrv\aqadmin.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 49664 c:\windows\system32\inetsrv\ADROT.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 29696 c:\windows\system32\inetsrv\admexs.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 19968 c:\windows\system32\inetsloc.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 14336 c:\windows\system32\iisreset.exe
+ 2010-04-23 08:14 . 2008-04-14 00:11 64512 c:\windows\system32\iismap.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 68608 c:\windows\system32\iisext.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 39936 c:\windows\system32\hostmib.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 43520 c:\windows\system32\fcachdll.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 14336 c:\windows\system32\exstrace.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 92160 c:\windows\system32\evntwin.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 24064 c:\windows\system32\evntcmd.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 53248 c:\windows\system32\dllcache\wamreg51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 76800 c:\windows\system32\dllcache\wam51.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 73728 c:\windows\system32\dllcache\w3ext.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 73728 c:\windows\system32\dllcache\w3ext.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 33792 c:\windows\system32\dllcache\tools.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 46592 c:\windows\system32\dllcache\svcext51.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 16896 c:\windows\system32\dllcache\status.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 16896 c:\windows\system32\dllcache\status.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 46592 c:\windows\system32\dllcache\sspifilt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 45056 c:\windows\system32\dllcache\ssinc51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\snmpthrd.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 10240 c:\windows\system32\dllcache\snmpstup.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 10240 c:\windows\system32\dllcache\snmpstup.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\snmp.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 10752 c:\windows\system32\dllcache\smtpapi.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 15872 c:\windows\system32\dllcache\smierrsm.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 15872 c:\windows\system32\dllcache\smierrsm.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 18944 c:\windows\system32\dllcache\simptcp.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 18944 c:\windows\system32\dllcache\simptcp.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 20992 c:\windows\system32\dllcache\permchk.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 20992 c:\windows\system32\dllcache\permchk.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 31744 c:\windows\system32\dllcache\pagecnt.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 31744 c:\windows\system32\dllcache\pagecnt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 44544 c:\windows\system32\dllcache\nsepm.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 53248 c:\windows\system32\dllcache\nextlink.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 53248 c:\windows\system32\dllcache\nextlink.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 85504 c:\windows\system32\dllcache\metada51.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 26624 c:\windows\system32\dllcache\mdsync.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 26624 c:\windows\system32\dllcache\mdsync.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 37888 c:\windows\system32\dllcache\md5filt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 13312 c:\windows\system32\dllcache\lonsint.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 22016 c:\windows\system32\dllcache\logscrpt.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 22016 c:\windows\system32\dllcache\logscrpt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\lmmib2.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 26624 c:\windows\system32\dllcache\iscomlog.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\isatq.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 35328 c:\windows\system32\dllcache\iprip.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 13312 c:\windows\system32\dllcache\infoadmn.dll
- 2010-04-23 07:12 . 2004-08-10 11:00 19968 c:\windows\system32\dllcache\inetsloc.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 19968 c:\windows\system32\dllcache\inetsloc.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\iisrstas.exe
- 2010-04-23 07:12 . 2004-08-10 11:00 14336 c:\windows\system32\dllcache\iisreset.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 14336 c:\windows\system32\dllcache\iisreset.exe
+ 2010-04-23 08:14 . 2008-04-14 00:11 64512 c:\windows\system32\dllcache\iismap.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 79872 c:\windows\system32\dllcache\iislog51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\iisext51.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 19456 c:\windows\system32\dllcache\iiscrmap.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 19456 c:\windows\system32\dllcache\iiscrmap.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 60928 c:\windows\system32\dllcache\iisclex4.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 60928 c:\windows\system32\dllcache\iisclex4.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 25088 c:\windows\system32\dllcache\iisadmin.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 61440 c:\windows\system32\dllcache\httpod51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 39936 c:\windows\system32\dllcache\hostmib.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 32256 c:\windows\system32\dllcache\gzip.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 14336 c:\windows\system32\dllcache\exstrace.dll
- 2010-04-23 07:14 . 2001-08-18 05:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
- 2010-04-23 07:14 . 2001-08-18 05:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll
- 2010-04-23 07:14 . 2001-08-18 05:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll
- 2010-04-23 07:14 . 2001-08-18 05:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe
+ 2011-08-29 09:00 . 2001-08-18 05:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe
- 2010-04-23 07:13 . 2001-08-18 05:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
- 2010-04-23 07:13 . 2001-08-18 05:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll
- 2010-04-23 07:13 . 2001-08-18 05:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll
- 2010-04-23 07:13 . 2001-08-18 05:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 92160 c:\windows\system32\dllcache\evntwin.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 24064 c:\windows\system32\dllcache\evntcmd.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 42496 c:\windows\system32\dllcache\davcdata.exe
- 2010-04-23 07:13 . 2004-08-10 11:00 20480 c:\windows\system32\dllcache\counters.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 20480 c:\windows\system32\dllcache\counters.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 56320 c:\windows\system32\dllcache\convlog.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 56320 c:\windows\system32\dllcache\convlog.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 33792 c:\windows\system32\dllcache\controt.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 33792 c:\windows\system32\dllcache\controt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 24064 c:\windows\system32\dllcache\compfilt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 46592 c:\windows\system32\dllcache\coadmin.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 45568 c:\windows\system32\dllcache\browscap.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 45568 c:\windows\system32\dllcache\browscap.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 29184 c:\windows\system32\dllcache\asptxn.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 29184 c:\windows\system32\dllcache\asptxn.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 10240 c:\windows\system32\dllcache\aspperf.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 10240 c:\windows\system32\dllcache\aspperf.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 49664 c:\windows\system32\dllcache\adrot.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 49664 c:\windows\system32\dllcache\adrot.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 43520 c:\windows\system32\dllcache\admwprox.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 29696 c:\windows\system32\dllcache\admexs.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 56320 c:\windows\system32\convlog.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 10240 c:\windows\system32\aspperf.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 43520 c:\windows\system32\admwprox.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\wbem\snmp\smimsgif.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\wbem\snmp\smierrsy.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7168 c:\windows\system32\wamregps.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\w3svapi.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 4608 c:\windows\system32\w3ctrs.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 8192 c:\windows\system32\staxmem.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 7168 c:\windows\system32\snprfdll.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 8704 c:\windows\system32\snmptrap.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 6144 c:\windows\system32\snmpmib.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 8704 c:\windows\system32\infoctrs.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 9216 c:\windows\system32\inetsrv\wamps.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 4096 c:\windows\system32\inetsrv\rpcref.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 7680 c:\windows\system32\inetsrv\pwsdata.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 9216 c:\windows\system32\inetsrv\iwrps.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7168 c:\windows\system32\inetsrv\isapips.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7680 c:\windows\system32\inetsrv\inetmgr.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 6656 c:\windows\system32\inetsrv\iissync.exe
+ 2010-04-23 08:14 . 2008-04-14 00:11 7168 c:\windows\system32\inetsrv\iisfecnv.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 8192 c:\windows\system32\inetsrv\httpmib.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 6144 c:\windows\system32\inetsrv\ftpmib.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 9216 c:\windows\system32\inetsrv\authfilt.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\iisrstap.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 3584 c:\windows\system32\iismui.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 6144 c:\windows\system32\ftpsapi2.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7680 c:\windows\system32\ftpctrs2.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 7168 c:\windows\system32\dllcache\wamregps.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7168 c:\windows\system32\dllcache\wamregps.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 5632 c:\windows\system32\dllcache\w3svapi.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\dllcache\w3svapi.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 4608 c:\windows\system32\dllcache\w3ctrs51.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 4608 c:\windows\system32\dllcache\w3ctrs51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 8192 c:\windows\system32\dllcache\staxmem.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 8704 c:\windows\system32\dllcache\snmptrap.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 6144 c:\windows\system32\dllcache\snmpmib.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 5632 c:\windows\system32\dllcache\smimsgif.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\dllcache\smimsgif.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\dllcache\smierrsy.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 5632 c:\windows\system32\dllcache\smierrsy.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 9728 c:\windows\system32\dllcache\rwnh.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 4096 c:\windows\system32\dllcache\rpcref.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 7680 c:\windows\system32\dllcache\pwsdata.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 9216 c:\windows\system32\dllcache\iwrps.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 9216 c:\windows\system32\dllcache\iwrps.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7168 c:\windows\system32\dllcache\isapips.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 7168 c:\windows\system32\dllcache\isapips.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 8704 c:\windows\system32\dllcache\infoctrs.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 8704 c:\windows\system32\dllcache\infoctrs.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7680 c:\windows\system32\dllcache\inetmgr.exe
- 2010-04-23 07:12 . 2004-08-10 11:00 7680 c:\windows\system32\dllcache\inetmgr.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 6656 c:\windows\system32\dllcache\iissync.exe
- 2010-04-23 07:13 . 2004-08-10 11:00 6656 c:\windows\system32\dllcache\iissync.exe
+ 2011-08-29 08:59 . 2001-08-23 12:00 5632 c:\windows\system32\dllcache\iisrstap.dll
- 2010-04-23 07:12 . 2004-08-10 11:00 5632 c:\windows\system32\dllcache\iisrstap.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 3584 c:\windows\system32\dllcache\iismui.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 3584 c:\windows\system32\dllcache\iismui.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 7168 c:\windows\system32\dllcache\iisfecnv.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 8192 c:\windows\system32\dllcache\httpmb51.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 6144 c:\windows\system32\dllcache\ftpsapi2.dll
- 2010-04-23 07:12 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\ftpsapi2.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 6144 c:\windows\system32\dllcache\ftpmib.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 7680 c:\windows\system32\dllcache\ftpctrs2.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 7680 c:\windows\system32\dllcache\ftpctrs2.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 7168 c:\windows\system32\dllcache\EXCH_snprfdll.dll
- 2010-04-23 07:14 . 2001-08-18 05:36 7168 c:\windows\system32\dllcache\EXCH_snprfdll.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 5632 c:\windows\system32\dllcache\EXCH_adsiisex.dll
- 2010-04-23 07:13 . 2001-08-18 05:36 5632 c:\windows\system32\dllcache\EXCH_adsiisex.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 9216 c:\windows\system32\dllcache\authfilt.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 9216 c:\windows\system32\dllcache\authfilt.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 6144 c:\windows\system32\dllcache\admxprox.dll
- 2010-04-23 07:13 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\admxprox.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 5632 c:\windows\system32\adsiisex.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 6144 c:\windows\system32\admxprox.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 188416 c:\windows\system32\wbem\snmpsmir.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 358400 c:\windows\system32\wbem\snmpincl.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 259072 c:\windows\system32\wbem\snmpcl.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 236544 c:\windows\system32\wbem\snmp\smi2smir.exe
+ 2004-08-10 11:00 . 2011-08-29 09:01 489868 c:\windows\system32\perfh009.dat
+ 2010-04-23 08:14 . 2008-04-14 00:12 364032 c:\windows\system32\inetsrv\w3svc.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 103424 c:\windows\system32\inetsrv\uihelper.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 456192 c:\windows\system32\inetsrv\smtpsvc.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 257024 c:\windows\system32\inetsrv\infocomm.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 829440 c:\windows\system32\inetsrv\inetmgr.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 169984 c:\windows\system32\inetsrv\iisui.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 145408 c:\windows\system32\inetsrv\iischema.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 268288 c:\windows\system32\inetsrv\httpext.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 125952 c:\windows\system32\inetsrv\ftpsvc2.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 369664 c:\windows\system32\inetsrv\asp.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 331264 c:\windows\system32\inetsrv\aqueue.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 108544 c:\windows\system32\inetsrv\AppConf.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 133632 c:\windows\system32\iisRtl.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 101888 c:\windows\system32\evntagnt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 364032 c:\windows\system32\dllcache\w3svc.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 103424 c:\windows\system32\dllcache\uihelper.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 188416 c:\windows\system32\dllcache\snmpsmir.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 358400 c:\windows\system32\dllcache\snmpincl.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 259072 c:\windows\system32\dllcache\snmpcl.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 456192 c:\windows\system32\dllcache\smtpsvc.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 189440 c:\windows\system32\dllcache\smtpadm.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 236544 c:\windows\system32\dllcache\smi2smir.exe
+ 2010-04-23 08:14 . 2008-04-14 00:12 221696 c:\windows\system32\dllcache\seo.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 257024 c:\windows\system32\dllcache\infocomm.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 829440 c:\windows\system32\dllcache\inetmgr.dll
- 2010-04-23 07:12 . 2004-08-10 11:00 169984 c:\windows\system32\dllcache\iisui.dll
+ 2011-08-29 08:59 . 2001-08-23 12:00 169984 c:\windows\system32\dllcache\iisui.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 133632 c:\windows\system32\dllcache\iisrtl.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 145408 c:\windows\system32\dllcache\iische51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 268288 c:\windows\system32\dllcache\httpext.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 125952 c:\windows\system32\dllcache\ftpsv251.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 101888 c:\windows\system32\dllcache\evntagnt.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 369664 c:\windows\system32\dllcache\asp51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 331264 c:\windows\system32\dllcache\aqueue.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 108544 c:\windows\system32\dllcache\appconf.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 290816 c:\windows\system32\dllcache\adsiis51.dll
+ 2010-04-23 08:14 . 2008-04-14 00:11 290816 c:\windows\system32\adsiis.dll
+ 2011-08-29 08:47 . 2011-07-23 05:02 178678 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2010-04-23 08:14 . 2008-04-14 00:12 2134528 c:\windows\system32\dllcache\smtpsnap.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2011-07-27 594192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 229416]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"RRT-Auto"="c:\documents and settings\Jim\Desktop\RRT.exe" [2011-08-29 5029888]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
._desktop.ini [2010-4-23 4096]
.
c:\documents and settings\Owner.Hal.JIM-6DEA5C921EF\Start Menu\Programs\Startup\
._desktop.ini [2010-4-23 4096]
.
c:\documents and settings\Administrator.HAL\Start Menu\Programs\Startup\
._desktop.ini [2010-4-23 4096]
.
c:\documents and settings\Owner.HAL\Start Menu\Programs\Startup\
._AutorunsDisabled [2010-4-23 4096]
._desktop.ini [2010-4-23 4096]
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2009-1-12 947]
.
c:\documents and settings\Owner.HAL\Start Menu\Programs\Startup\AutorunsDisabled
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [N/A]
.
c:\documents and settings\Jim\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
._desktop.ini [2010-4-23 4096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Net-It Launcher"=c:\windows\system32\NILaunch.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [8/16/2011 12:16 AM 14848]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2011 12:51 AM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 248656]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [8/16/2011 12:16 AM 32768]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/10/2004 4:00 AM 14336]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [8/26/2011 7:22 PM 35816]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 163840]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 2:59 PM 2151640]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 4:23 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 4:23 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 4:23 PM 27216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [8/27/2011 1:24 PM 24416]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [8/26/2011 1:41 PM 27192]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - UnHackMeDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 21:59]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-682003330-1003Core.job
- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-18 19:17]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-838170752-682003330-1003UA.job
- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-18 19:17]
.
2011-06-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\33jng3cz.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-838170752-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-09-05 18:57:06
ComboFix-quarantined-files.txt 2011-09-06 01:56
ComboFix2.txt 2011-08-26 20:23
ComboFix3.txt 2011-08-26 20:08
.
Pre-Run: 211,284,160,512 bytes free
Post-Run: 211,272,654,848 bytes free
.
- - End Of File - - 140F84C474FCC5A962CCD00AA366E1D3
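Two checks a responder makes while reading a ComboFix log like the one above, written out as an added Python example (this is not ComboFix's code and not part of the thread). The sample lines are copied from the log above. Two readings are assumptions: the two timestamps on a snapshot record are taken as creation and last-write time in that order, and ComboFix's "[x]" marker is taken to mean the image file was not found. A flag from the second check is a prompt to verify the entry against known tools and the user's own history, not a verdict; anti-rootkit scanners, for instance, legitimately load a driver from a temporary file.

```python
"""Triage checks over ComboFix log lines (added example; not ComboFix's code)."""
import re

# Constructed sample: these lines are copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
+ 2011-08-29 08:59 . 2001-08-23 12:00 73728 c:\windows\system32\dllcache\w3ext.dll
- 2010-04-23 07:14 . 2004-08-10 11:00 73728 c:\windows\system32\dllcache\w3ext.dll
- 2010-04-23 07:14 . 2001-08-18 05:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
+ 2011-08-29 09:00 . 2001-08-18 05:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
+ 2010-04-23 08:14 . 2008-04-14 00:12 33792 c:\windows\system32\dllcache\tools.dll
"RRT-Auto"="c:\documents and settings\Jim\Desktop\RRT.exe" [2011-08-29 5029888]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 229416]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2011 12:51 AM 64512]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
"""

# Snapshot record: sign, two timestamps (assumed here to be creation and
# last-write, in that order), size, path.
SNAPSHOT_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<created>\S+ \S+) \. (?P<written>\S+ \S+) (?P<size>\d+) (?P<path>.+)$"
)
# Run-key value as ComboFix prints it: "Name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*(?:\[[^\]]*\])?$')
# Service/driver line: start type, name;display name;image path and status marker
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def find_reverted_files(lines):
    """Pair removed ('-') and added ('+') snapshot records by path and report
    files whose replacement carries an OLDER last-write stamp than the file it
    displaced. A system DLL rolled back to an earlier build deserves a look:
    it may be a reinstall from old media, or a component quietly downgraded."""
    removed, added = {}, {}
    for line in lines:
        m = SNAPSHOT_RE.match(line.strip())
        if m:
            (removed if m["sign"] == "-" else added)[m["path"].lower()] = m["written"]
    reverted = []
    for path, new_written in added.items():
        old_written = removed.get(path)
        # 'YYYY-MM-DD HH:MM' strings order correctly under plain text comparison.
        if old_written is not None and new_written < old_written:
            reverted.append((path, old_written, new_written))
    return sorted(reverted)


def flag_loading_points(lines):
    """Apply the checks a responder runs over Run-key and service lines.
    Returns (entry name, reason) pairs. A flag means 'verify this against
    known tools and the user's history', not 'this is malware': scanners such
    as anti-rootkit tools legitimately load drivers from temp files."""
    flags = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = m["path"].strip().lower()
            # Autostarts that live inside a user profile are a classic dropper habit.
            if "\\documents and settings\\" in path:
                flags.append((m["name"], "autostart image in a user profile: " + path))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m["rest"].strip()
        if rest.endswith("[x]"):  # read here as ComboFix's 'image file not found' marker
            flags.append((m["name"], "service registered but its image file is missing"))
            continue
        image = rest.split(" -->")[0].split(" [")[0].strip()
        if image.startswith("\\??\\"):  # NT object-manager prefix, as seen in ImagePath values
            image = image[4:]
        if image.lower().endswith(".tmp"):
            flags.append((m["name"], "driver loads from a temporary file: " + image))
    return flags


if __name__ == "__main__":
    for item in find_reverted_files(SAMPLE_LOG.splitlines()):
        print("reverted:", item)
    for name, reason in flag_loading_points(SAMPLE_LOG.splitlines()):
        print("check:", name, "-", reason)
```

Run against the full log, the first check surfaces the dllcache files whose 2004-dated copies were replaced on 2011-08-29 by 2001-dated ones, and the second lists the three loading points above; each then gets looked up rather than deleted on sight.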

#13 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 September 2011 - 01:36 PM

I count four antiviruses running on the machine. Please uninstall or disable three of them.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.


When you have done that please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#14 TechnoBoob

  • Topic Starter
  • Members
  • 23 posts

Posted 06 September 2011 - 02:54 PM

I uninstalled the other antivirus programs; it seems to say Norton is still there, while it isn't. I was just using AVG for overall antivirus protection.

Is there a way I can update MBAM on another computer and transfer it to the infected one? I can't connect to the Internet on the infected computer.

#15 m0le

Posted 06 September 2011 - 03:16 PM

If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.

