Please Help.
I have followed the Malware Removal Guide and performed Avast scans to no avail, below are the Log reports and details.
Win32:Bredolab-AQ [Trj] pops up roughly every 8-10 minutes and my PC is moving slower and slower.
OS - Windows XP
Security - Avast
Infection - Win32:Bredolab-AQ [Trj]
Logs:
Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 3
11/4/2009 5:50:33 PM
mbam-log-2009-11-04 (17-50-33).txt
Scan type: Quick Scan
Objects scanned: 97943
Time elapsed: 4 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 18:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9D15000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89E3000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA90BA000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)
Path: C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec96b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec914c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec964e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec908c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec90f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec976e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec972e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec98ae
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xf8b44812
==EOF==
OTL
OTL logfile created on: 11/4/2009 6:34:03 PM - Run 2
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.07 Mb Total Physical Memory | 99.87 Mb Available Physical Memory | 19.89% Memory free
1.20 Gb Paging File | 0.64 Gb Available in Paging File | 53.74% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 49.84 Gb Free Space | 66.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-A9A4C96CD5
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/02 11:43:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2009/10/30 18:02:05 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/30 18:01:54 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/25 19:16:44 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/30 14:44:27 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/30 14:44:25 | 00,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/07/10 12:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/05/12 10:36:18 | 00,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/28 20:46:29 | 01,404,928 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/01/12 08:54:02 | 00,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/24 17:39:20 | 01,540,288 | ---- | M] (Leader Technologies Inc.) -- C:\Program Files\LTCM Client\ltcmClient.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/11 21:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 04:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/05/30 07:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/08/14 07:41:28 | 00,114,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/08/14 07:39:08 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006/08/14 07:38:08 | 00,094,208 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/20 16:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/08/04 00:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/10/30 18:01:54 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) [Auto | Running]
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) [Auto | Running]
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) [On_Demand | Running]
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) [On_Demand | Running]
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) [Auto | Running]
SRV - [2009/08/28 19:49:45 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) [On_Demand | Stopped]
SRV - [2009/07/30 14:44:19 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) [On_Demand | Stopped]
SRV - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) [Auto | Running]
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) [Auto | Running]
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) [On_Demand | Stopped]
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) [Unknown | Stopped]
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) [Disabled | Stopped]
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [On_Demand | Stopped]
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) [On_Demand | Stopped]
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) [Auto | Running]
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [Auto | Stopped]
SRV - [2007/05/30 07:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard) [Auto | Running]
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [On_Demand | Stopped]
========== Modules (SafeList) ==========
MOD - [2009/11/02 11:43:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 05:41:58 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008/04/14 05:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/05/30 07:29:58 | 00,079,408 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mmaweekly.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/28 22:10:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/03 09:16:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/03 09:16:00 | 00,000,000 | ---D | M]
[2009/07/24 11:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/02 22:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 23:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/06/13 23:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/02 23:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions
[2009/11/02 22:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/24 11:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8zdfubfx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/03 09:16:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/13 15:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/13 15:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 09:16:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/03 09:15:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/03 09:15:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/03 09:15:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/02 23:52:59 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/02 23:52:59 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/02 23:52:59 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/02 23:52:59 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/02 23:52:59 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/02 23:52:59 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/02 23:52:59 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (767 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4431.1036\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [EPSON NX510 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: download.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/13 15:10:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/13 15:09:57 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/02 12:56:17 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/02 12:56:17 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/02 12:56:16 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/02 12:56:14 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/02 12:56:13 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/02 12:56:13 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/02 12:56:12 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/02 12:56:12 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/02 12:55:50 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/02 11:43:35 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/11/02 11:34:59 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\RootRepeal.exe
[2009/11/02 10:18:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/02 10:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/02 10:02:38 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\User\Desktop\erunt_setup.exe
[2009/11/02 09:58:25 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\User\Desktop\SysRestorePoint.exe
[2009/11/02 09:23:30 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\TFC.exe
[2009/10/31 15:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Grisoft
[2009/10/31 15:04:06 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2009/10/31 15:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/10/31 15:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009/10/31 15:02:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Registry Backup
[2009/10/31 15:01:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2009/10/31 14:57:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/30 18:02:58 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/28 18:21:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/28 18:21:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/27 21:56:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2009/10/27 17:59:31 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/27 16:13:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/27 16:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/27 16:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/27 15:39:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/10/27 15:39:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 15:38:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 15:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/27 15:38:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 14:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/27 02:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/27 02:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/27 02:07:00 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/27 02:06:20 | 00,000,000 | ---D | C] -- C:\d5a5232f601e89a43b3b559baaec
[2009/10/27 02:05:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/10/26 13:19:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/26 13:19:41 | 00,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/10/26 13:18:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/10/26 13:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/10/26 13:17:55 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/04 18:00:07 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/11/04 17:40:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/04 17:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 17:35:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 17:34:01 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/11/04 17:34:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2009/11/04 09:36:08 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 00:33:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/11/02 12:56:18 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/02 12:56:13 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/02 11:43:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/11/02 11:36:25 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\User\Desktop\settings.dat
[2009/11/02 11:34:59 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\RootRepeal.exe
[2009/11/02 10:17:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2009/11/02 10:17:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2009/11/02 10:02:38 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\User\Desktop\erunt_setup.exe
[2009/11/02 09:58:25 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\User\Desktop\SysRestorePoint.exe
[2009/11/02 09:23:30 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\TFC.exe
[2009/11/01 12:03:04 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 12:03:04 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 12:03:03 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/31 16:01:01 | 07,651,451 | ---- | M] () -- C:\WINDOWS\System32\ZGRUT
[2009/10/31 15:04:09 | 00,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2009/10/31 14:57:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
[2009/10/31 13:49:57 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\User\Desktop\to remove an infection.doc
[2009/10/28 18:21:59 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/27 17:30:25 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/27 16:13:45 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/27 15:39:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 14:18:56 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/10/27 08:05:23 | 00,044,424 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 02:30:45 | 02,074,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/26 13:18:48 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/02 12:56:18 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/02 12:55:50 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/11/02 11:36:25 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\User\Desktop\settings.dat
[2009/11/02 10:17:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2009/11/02 10:17:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2009/10/31 15:58:56 | 07,651,451 | ---- | C] () -- C:\WINDOWS\System32\ZGRUT
[2009/10/31 15:04:09 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2009/10/31 14:57:23 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
[2009/10/28 18:21:59 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/27 18:46:32 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/27 18:06:05 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/27 16:18:34 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\User\Desktop\to remove an infection.doc
[2009/10/27 16:13:45 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/27 15:39:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 14:18:56 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/10/26 13:18:48 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/10/05 17:41:11 | 00,041,181 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/10/05 17:41:11 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/09/22 20:58:59 | 00,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2009/09/22 20:51:23 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/09/22 11:56:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/09/22 10:10:44 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/22 10:05:28 | 00,000,079 | ---- | C] () -- C:\WINDOWS\EPNX510.ini
[2009/08/31 19:12:45 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/31 19:08:43 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/08/31 19:08:39 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/01 23:20:31 | 18,015,723 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.1-win32.exe
[2009/06/27 12:38:22 | 00,044,424 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/17 21:07:55 | 16,742,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/06/15 08:19:33 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.pls
[2009/06/14 13:06:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/14 13:06:24 | 00,200,704 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 15:47:20 | 05,366,768 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/06/13 15:38:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/13 15:20:39 | 00,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2009/06/13 15:16:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2009/06/13 08:02:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 00:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/08/27 13:15:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/09/22 10:15:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/10/31 15:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/27 13:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/27 16:13:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/07/14 15:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/22 20:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Downloaded Installations
[2009/08/27 13:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DriverCure
[2009/10/02 14:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Epson
[2009/10/31 15:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Grisoft
[2009/09/22 20:58:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kinko's
[2009/09/24 02:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leader Technologies
[2009/09/22 10:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/10/27 21:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2009/11/04 18:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2009/11/04 17:40:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 18:00:07 | 00,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/11/04 00:33:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/11/04 17:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[1 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[1 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[1 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\ldeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >