Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help removing this virus from my PC - Win32:Bredolab-AQ [Trj]


  • Please log in to reply

#1
illsun00

illsun00

    New Member

  • Member
  • Pip
  • 4 posts
Good Evening,

Please Help.

I have followed the Malware Removal Guide and performed Avast scans to no avail, below are the Log reports and details.

Win32:Bredolab-AQ [Trj] pops up roughly every 8-10 minutes and my PC is moving slower and slower.

OS - Windows XP
Security - Avast
Infection - Win32:Bredolab-AQ [Trj]



Logs:

Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 3

11/4/2009 5:50:33 PM
mbam-log-2009-11-04 (17-50-33).txt

Scan type: Quick Scan
Objects scanned: 97943
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 18:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9D15000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89E3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA90BA000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)

Path: C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec96b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec914c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec964e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec908c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec90f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec976e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec972e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec98ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xf8b44812

==EOF==


OTL
OTL logfile created on: 11/4/2009 6:34:03 PM - Run 2
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 99.87 Mb Available Physical Memory | 19.89% Memory free
1.20 Gb Paging File | 0.64 Gb Available in Paging File | 53.74% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 49.84 Gb Free Space | 66.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-A9A4C96CD5
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/02 11:43:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2009/10/30 18:02:05 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/30 18:01:54 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/25 19:16:44 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/30 14:44:27 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/30 14:44:25 | 00,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/07/10 12:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/05/12 10:36:18 | 00,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/28 20:46:29 | 01,404,928 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/01/12 08:54:02 | 00,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/24 17:39:20 | 01,540,288 | ---- | M] (Leader Technologies Inc.) -- C:\Program Files\LTCM Client\ltcmClient.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/11 21:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 04:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/05/30 07:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/08/14 07:41:28 | 00,114,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/08/14 07:39:08 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006/08/14 07:38:08 | 00,094,208 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/20 16:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/08/04 00:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 18:01:54 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) [Auto | Running]
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) [Auto | Running]
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) [On_Demand | Running]
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) [On_Demand | Running]
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) [Auto | Running]
SRV - [2009/08/28 19:49:45 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) [On_Demand | Stopped]
SRV - [2009/07/30 14:44:19 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) [On_Demand | Stopped]
SRV - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) [Auto | Running]
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) [Auto | Running]
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) [On_Demand | Stopped]
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) [Unknown | Stopped]
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) [Disabled | Stopped]
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [On_Demand | Stopped]
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) [On_Demand | Stopped]
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) [Auto | Running]
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [Auto | Stopped]
SRV - [2007/05/30 07:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard) [Auto | Running]
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [On_Demand | Stopped]


========== Modules (SafeList) ==========

MOD - [2009/11/02 11:43:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 05:41:58 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008/04/14 05:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/05/30 07:29:58 | 00,079,408 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mmaweekly.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/28 22:10:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/03 09:16:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/03 09:16:00 | 00,000,000 | ---D | M]

[2009/07/24 11:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/02 22:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 23:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/02 23:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions
[2009/11/02 22:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/24 11:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/03 09:16:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/13 15:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/13 15:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 09:16:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/03 09:15:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/03 09:15:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/03 09:15:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/02 23:52:59 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/02 23:52:59 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/02 23:52:59 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/02 23:52:59 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/02 23:52:59 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/02 23:52:59 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/02 23:52:59 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (767 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4431.1036\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [EPSON NX510 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: download.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/13 15:10:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/13 15:09:57 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/02 12:56:17 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/02 12:56:17 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/02 12:56:16 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/02 12:56:14 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/02 12:56:13 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/02 12:56:13 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/02 12:56:12 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/02 12:56:12 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/02 12:55:50 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/02 11:43:35 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/11/02 11:34:59 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\RootRepeal.exe
[2009/11/02 10:18:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/02 10:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/02 10:02:38 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\User\Desktop\erunt_setup.exe
[2009/11/02 09:58:25 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\User\Desktop\SysRestorePoint.exe
[2009/11/02 09:23:30 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\TFC.exe
[2009/10/31 15:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Grisoft
[2009/10/31 15:04:06 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2009/10/31 15:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/10/31 15:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009/10/31 15:02:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Registry Backup
[2009/10/31 15:01:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2009/10/31 14:57:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/30 18:02:58 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/28 18:21:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/28 18:21:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/27 21:56:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2009/10/27 17:59:31 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/27 16:13:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/27 16:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/27 16:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/27 15:39:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/10/27 15:39:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 15:38:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 15:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/27 15:38:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 14:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/27 02:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/27 02:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/27 02:07:00 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/27 02:06:20 | 00,000,000 | ---D | C] -- C:\d5a5232f601e89a43b3b559baaec
[2009/10/27 02:05:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/10/26 13:19:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/26 13:19:41 | 00,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/10/26 13:18:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/10/26 13:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/10/26 13:17:55 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/04 18:00:07 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/11/04 17:40:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/04 17:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 17:35:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 17:34:01 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/11/04 17:34:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2009/11/04 09:36:08 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 00:33:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/11/02 12:56:18 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/02 12:56:13 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/02 11:43:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/11/02 11:36:25 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\User\Desktop\settings.dat
[2009/11/02 11:34:59 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\RootRepeal.exe
[2009/11/02 10:17:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2009/11/02 10:17:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2009/11/02 10:02:38 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\User\Desktop\erunt_setup.exe
[2009/11/02 09:58:25 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\User\Desktop\SysRestorePoint.exe
[2009/11/02 09:23:30 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\TFC.exe
[2009/11/01 12:03:04 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 12:03:04 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 12:03:03 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/31 16:01:01 | 07,651,451 | ---- | M] () -- C:\WINDOWS\System32\ZGRUT
[2009/10/31 15:04:09 | 00,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2009/10/31 14:57:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
[2009/10/31 13:49:57 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\User\Desktop\to remove an infection.doc
[2009/10/28 18:21:59 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/27 17:30:25 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/27 16:13:45 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/27 15:39:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 14:18:56 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/10/27 08:05:23 | 00,044,424 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 02:30:45 | 02,074,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/26 13:18:48 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/02 12:56:18 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/02 12:55:50 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/11/02 11:36:25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\User\Desktop\settings.dat
[2009/11/02 10:17:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2009/11/02 10:17:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2009/10/31 15:58:56 | 07,651,451 | ---- | C] () -- C:\WINDOWS\System32\ZGRUT
[2009/10/31 15:04:09 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2009/10/31 14:57:23 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
[2009/10/28 18:21:59 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/27 18:46:32 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/27 18:06:05 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/27 16:18:34 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\User\Desktop\to remove an infection.doc
[2009/10/27 16:13:45 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/27 15:39:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 14:18:56 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/10/26 13:18:48 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/05 17:41:11 | 00,041,181 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/10/05 17:41:11 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/09/22 20:58:59 | 00,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2009/09/22 20:51:23 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/09/22 11:56:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/09/22 10:10:44 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/22 10:05:28 | 00,000,079 | ---- | C] () -- C:\WINDOWS\EPNX510.ini
[2009/08/31 19:12:45 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/31 19:08:43 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/08/31 19:08:39 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/01 23:20:31 | 18,015,723 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.1-win32.exe
[2009/06/27 12:38:22 | 00,044,424 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/17 21:07:55 | 16,742,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/06/15 08:19:33 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.pls
[2009/06/14 13:06:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/14 13:06:24 | 00,200,704 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 15:47:20 | 05,366,768 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/06/13 15:38:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/13 15:20:39 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2009/06/13 15:16:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2009/06/13 08:02:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 00:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/27 13:15:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/09/22 10:15:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/10/31 15:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/27 13:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/27 16:13:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/07/14 15:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/22 20:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Downloaded Installations
[2009/08/27 13:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DriverCure
[2009/10/02 14:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Epson
[2009/10/31 15:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Grisoft
[2009/09/22 20:58:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kinko's
[2009/09/24 02:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leader Technologies
[2009/09/22 10:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/10/27 21:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2009/11/04 18:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2009/11/04 17:40:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 18:00:07 | 00,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/11/04 00:33:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/11/04 17:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[1 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[1 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[1 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\ldeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP