HijackThis Analysis Needed! Please Help! [Solved] - Geeks to Go Forums


HijackThis Analysis Needed! Please Help! [Solved]

#1 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 27 April 2010 - 04:20 PM

My computer was hit with like a million viruses, but I cleared most of it with an antivirus program from the internet (AVAST).
Now I only have a few things left: occasional pop-ups, loss of volume control, and Google redirecting. I ran HijackThis to see if I could find anything, but I don't know how to analyze it. Can someone help me figure out what to delete?


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Aim6] "c:\program files\aim6\aim6 .exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSCardSvrShellHWDetection (mnmsrvcSCardSvrShellHWDetection) - Unknown owner - C:\WINDOWS\System32\1028v.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)
O23 - Service: Smart Card Helper SCardDrvSAVScan (SCardDrvSAVScan) - Unknown owner - C:\WINDOWS\System32\adsntb.exe (file missing)
O23 - Service: Smart Card SCardSvrShellHWDetection (SCardSvrShellHWDetection) - Unknown owner - C:\WINDOWS\System32\actmoviep.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) stisvcShellHWDetection (stisvcShellHWDetection) - Unknown owner - C:\WINDOWS\System32\adsldpcy.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3764 bytes
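
As an added worked example (editor's code, not part of the original post and not a HijackThis feature), the O23 service lines from the log above run through a small Python triage script. It flags entries whose binary is gone from disk, whose owner is unknown, and whose short name is several legitimate service names glued together, which is the pattern in four of the entries here (mnmsrvc, SCardSvr, SCardDrv, ShellHWDetection and stisvc are real Windows XP service names; SAVScan is Symantec's). The vocabulary of legitimate names is an assumption picked from this log; a real run would load the service list of a known-clean machine.

```python
import re

# Constructed sample input: the O23 (service) lines copied from the
# HijackThis log above. Everything else in this block is added example
# code, not HijackThis output or anything from the original post.
HJT_O23_LINES = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSCardSvrShellHWDetection (mnmsrvcSCardSvrShellHWDetection) - Unknown owner - C:\WINDOWS\System32\1028v.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)
O23 - Service: Smart Card Helper SCardDrvSAVScan (SCardDrvSAVScan) - Unknown owner - C:\WINDOWS\System32\adsntb.exe (file missing)
O23 - Service: Smart Card SCardSvrShellHWDetection (SCardSvrShellHWDetection) - Unknown owner - C:\WINDOWS\System32\actmoviep.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) stisvcShellHWDetection (stisvcShellHWDetection) - Unknown owner - C:\WINDOWS\System32\adsldpcy.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# HijackThis O23 layout:
#   O23 - Service: <display name> (<short name>) - <owner> - <path> (file missing)
# The "(<short name>)" and "(file missing)" parts are both optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumed vocabulary: short names of real Windows XP services (plus Symantec's
# SAVScan) that appear in this log. A production version would load the full
# service list from a known-clean machine instead of this hand-picked set.
LEGIT_SERVICE_NAMES = {
    "mnmsrvc", "SCardSvr", "SCardDrv", "ShellHWDetection", "stisvc", "SAVScan",
}


def parse_o23(line):
    """Split one O23 line into its fields; return None for non-O23 lines."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["missing"] = fields["missing"] is not None
    return fields


def glued_from(name, vocab):
    """If `name` is two or more vocabulary words concatenated (case-sensitive),
    return those words in order; otherwise return None."""
    words = sorted(vocab, key=len, reverse=True)  # longest match first

    def split(rest):
        if not rest:
            return []
        for w in words:
            if rest.startswith(w):
                tail = split(rest[len(w):])
                if tail is not None:
                    return [w] + tail
        return None

    parts = split(name)
    return parts if parts and len(parts) >= 2 else None


def triage_services(text, vocab=LEGIT_SERVICE_NAMES):
    """Return the O23 entries worth a closer look, each with its reasons."""
    findings = []
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("service binary no longer on disk (orphaned persistence entry)")
        if entry["owner"] == "Unknown owner":
            reasons.append("no publisher recorded for the binary")
        parts = glued_from(entry["name"] or "", vocab)
        if parts:
            reasons.append("short name is " + " + ".join(parts) + " glued together")
        if reasons:
            findings.append({"name": entry["name"], "path": entry["path"],
                             "glued": parts, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_services(HJT_O23_LINES):
        print(f"{f['name']}: {f['path']}")
        for r in f["reasons"]:
            print("   -", r)
```

The glued-name signal is the strong one: no legitimate installer registers a service called SCardSvrShellHWDetection. "File missing" on its own only says the entry is an orphan (npggsvc is GameGuard anti-cheat left over after an uninstall), so the script reports reasons rather than a verdict and leaves the decision to the person reading the log.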

#2 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 27 April 2010 - 04:53 PM

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.



NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#3 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 05:43 PM

1. Thanks for responding to my post, I'm glad you're here to help. What exactly do these logs mean?

2. OTL logfile created on: 4/28/2010 5:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 211.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.96 Gb Total Space | 72.73 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.59 Gb Free Space | 14.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURSIQUOT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Ares\Ares.exe (Ares Development Group)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stisvcShellHWDetection) Windows Image Acquisition (WIA) -- File not found
SRV - (SCardSvrShellHWDetection) -- File not found
SRV - (SCardDrvSAVScan) -- File not found
SRV - (npggsvc) -- File not found
SRV - (mnmsrvcSCardSvrShellHWDetection) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {0A328249-98DF-476C-9D25-3853C961DAB9}:1.0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 17:12:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 12:57:50 | 000,000,000 | ---D | M]

[2008/12/02 17:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/27 08:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions
[2009/12/29 10:12:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/18 09:43:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/07 14:57:28 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/12/16 17:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/16 18:14:59 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\searchplugins\ask.xml
[2010/04/27 07:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 17:31:27 | 000,000,000 | ---D | M] (SpaceQuery) -- C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}
[2006/09/29 16:44:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/05/20 01:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/01/28 23:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/06/01 17:51:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/10/09 22:56:29 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/10/07 14:54:23 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Mirar) - {3F9B6E1C-C4DC-4127-A5BE-485C5C9D5C8F} - C:\WINDOWS\System32\3578.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKCU..\Run: [Aim6] c:\program files\aim6\aim6 .exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 04:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/30 15:56:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/28 05:13:38 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/23 04:33:34 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/04/22 15:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2010/04/22 15:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/22 01:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\XDelBox
[2010/04/21 06:07:41 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/21 06:07:40 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/21 06:07:35 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/21 06:07:33 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/21 06:07:26 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/21 06:07:26 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/21 06:07:24 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/21 06:06:16 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/21 06:06:16 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/21 06:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/21 06:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/20 22:19:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Brian's Virus Removal
[2010/04/20 22:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/04/20 22:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/04/20 22:10:03 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/04/20 22:06:13 | 010,702,992 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\fwinstall.exe
[2010/04/20 22:05:28 | 009,017,408 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\tfinstall.exe
[2010/04/20 22:04:23 | 046,664,160 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
[2010/04/20 19:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ares
[2010/04/18 21:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2010/04/17 03:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/16 23:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/04/15 19:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/15 19:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/13 22:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2010/04/13 19:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2010/04/13 17:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP
[2010/04/13 17:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL
[2010/04/13 17:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/04/13 00:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/13 00:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/12 02:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/12 02:11:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 02:11:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 02:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/12 02:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/12 02:05:35 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\m8x4RF7CC.exe
[2010/04/12 02:03:58 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\fjljlakfd.exe
[2010/04/11 23:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\B1E0E6B3F0DA66AFAED50F452F6BBC79
[6 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/28 05:13:39 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/28 05:13:24 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\k6c56yft.exe
[2010/04/27 21:04:57 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 1.doc
[2010/04/27 07:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\gduxrhue.job
[2010/04/27 06:44:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 06:44:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 06:44:22 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 23:57:53 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/04/26 23:57:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/26 19:28:45 | 002,246,557 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ACT-So 2009 043.jpg
[2010/04/26 19:28:42 | 000,055,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ACTSO30+084.jpg
[2010/04/23 19:39:49 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 20.doc
[2010/04/23 19:39:43 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab #15.doc
[2010/04/23 15:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job
[2010/04/23 07:47:47 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\List of St. Jerome Bible Class.doc
[2010/04/23 05:20:45 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\government homework april 22.doc
[2010/04/23 04:33:34 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/04/22 01:17:49 | 000,899,695 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XDelBox.zip
[2010/04/22 01:03:24 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian boursiquot resume.doc
[2010/04/22 01:02:22 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\workshop physical.doc
[2010/04/22 00:45:24 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian rotary finch.doc
[2010/04/22 00:40:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian rotary speech.doc
[2010/04/21 06:07:44 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/21 06:07:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/20 23:59:06 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BAB.doc
[2010/04/20 23:49:25 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My quotes.doc
[2010/04/20 23:08:06 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dear Venus.doc
[2010/04/20 22:12:26 | 048,417,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2010/04/20 22:11:00 | 046,664,160 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
[2010/04/20 22:10:39 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/04/20 22:08:22 | 044,089,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/04/20 22:07:53 | 010,702,992 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\fwinstall.exe
[2010/04/20 22:06:36 | 009,017,408 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\tfinstall.exe
[2010/04/20 21:57:53 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\791403268.dat
[2010/04/20 06:49:41 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\government hw april 19.doc
[2010/04/19 20:42:30 | 000,001,384 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\GSk38k4
[2010/04/19 01:14:47 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\naacp actso Brief Autobiography of Brian Boursiquot.doc
[2010/04/19 01:08:33 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian rotary scholarship.doc
[2010/04/18 20:03:39 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\naacp actso 2009.doc
[2010/04/18 18:04:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13317.exe
[2010/04/18 17:44:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18205.exe
[2010/04/18 17:24:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21791.exe
[2010/04/18 17:04:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30265.exe
[2010/04/18 16:44:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25876.exe
[2010/04/18 16:20:51 | 000,000,664 | ---- | M] () -- C:\Security essentials 2010.lnk
[2010/04/17 22:38:50 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mottos.doc
[2010/04/17 19:50:15 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\beak lab.doc
[2010/04/17 14:38:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 16.doc
[2010/04/17 14:18:55 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 17.doc
[2010/04/17 13:42:47 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 13.doc
[2010/04/17 12:34:38 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$mottos.doc
[2010/04/17 12:04:27 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 10.doc
[2010/04/17 10:59:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/17 10:59:41 | 000,000,021 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/17 10:59:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/16 22:03:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 9.doc
[2010/04/16 18:10:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/16 06:41:16 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\physics lenses and mirrors.doc
[2010/04/15 22:20:48 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brendan Boursiquot 4.doc
[2010/04/15 20:38:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ak lab.doc
[2010/04/14 21:11:44 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\punnett lab.doc
[2010/04/14 20:42:48 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blood lab.doc
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/13 18:14:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian nhs.doc
[2010/04/13 18:06:34 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian nhs 2.doc
[2010/04/13 13:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/12 18:58:23 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\RN1bHtl5c
[2010/04/12 18:58:23 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\RN1bHtl5c
[2010/04/12 07:07:48 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1506408538
[2010/04/12 07:07:48 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1506408538
[2010/04/12 06:49:37 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 06:47:56 | 000,008,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/04/12 06:47:45 | 000,000,004 | ---- | M] () -- C:\Program Files\294859.dat
[2010/04/12 06:47:44 | 000,000,004 | ---- | M] () -- C:\Program Files\294359.dat
[2010/04/12 03:17:40 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gfgs.lnk
[2010/04/12 02:11:03 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to fjljlakfd.lnk
[2010/04/12 02:05:35 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\m8x4RF7CC.exe
[2010/04/12 02:04:03 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\fjljlakfd.exe
[2010/04/11 15:32:47 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brian Boursiquot scholarship negro.doc
[2010/04/11 15:30:18 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brian Boursiquot csea.doc
[2010/04/11 14:32:08 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\shawny.doc
[2010/04/08 22:55:41 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\King Faggot.doc
[2010/04/08 18:39:21 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian math induction.doc
[2010/04/07 23:06:05 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\government federalism hw.doc
[2010/04/04 14:24:58 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\300px-Exodus_006.jpg
[2010/04/02 19:28:51 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\altar server meeting schedule.doc
[2010/04/02 19:25:33 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\altar server meeting flyer 2.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/28 05:13:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\k6c56yft.exe
[2010/04/27 21:04:56 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 1.doc
[2010/04/26 19:28:41 | 000,055,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ACTSO30+084.jpg
[2010/04/26 19:28:37 | 002,246,557 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ACT-So 2009 043.jpg
[2010/04/23 19:39:15 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab #15.doc
[2010/04/23 05:20:36 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\government homework april 22.doc
[2010/04/22 01:17:44 | 000,899,695 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XDelBox.zip
[2010/04/21 23:57:55 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian rotary speech.doc
[2010/04/21 23:11:54 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian rotary finch.doc
[2010/04/21 06:07:44 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/21 05:48:48 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\workshop physical.doc
[2010/04/20 22:08:43 | 048,417,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2010/04/20 22:03:56 | 044,089,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/04/20 20:58:30 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dear Venus.doc
[2010/04/20 06:49:41 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\government hw april 19.doc
[2010/04/19 20:42:29 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\GSk38k4
[2010/04/19 20:42:29 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\GSk38k4
[2010/04/19 01:08:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian rotary scholarship.doc
[2010/04/18 20:36:43 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\naacp actso Brief Autobiography of Brian Boursiquot.doc
[2010/04/18 18:04:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13317.exe
[2010/04/18 17:44:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18205.exe
[2010/04/18 17:24:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21791.exe
[2010/04/18 17:04:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30265.exe
[2010/04/18 16:44:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25876.exe
[2010/04/18 16:20:23 | 000,000,664 | ---- | C] () -- C:\Security essentials 2010.lnk
[2010/04/17 14:38:31 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 16.doc
[2010/04/17 14:18:55 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 17.doc
[2010/04/17 14:01:42 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 20.doc
[2010/04/17 13:42:47 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 13.doc
[2010/04/17 12:34:38 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$mottos.doc
[2010/04/17 12:04:26 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 10.doc
[2010/04/16 22:45:51 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\mottos.doc
[2010/04/16 22:03:30 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 9.doc
[2010/04/16 05:09:43 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\physics lenses and mirrors.doc
[2010/04/15 22:20:45 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brendan Boursiquot 4.doc
[2010/04/15 20:38:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ak lab.doc
[2010/04/14 21:26:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\beak lab.doc
[2010/04/14 21:11:44 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\punnett lab.doc
[2010/04/14 20:04:29 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blood lab.doc
[2010/04/13 18:06:34 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian nhs 2.doc
[2010/04/12 23:09:25 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian nhs.doc
[2010/04/12 06:47:46 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1506408538
[2010/04/12 06:47:46 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1506408538
[2010/04/12 06:47:45 | 000,000,004 | ---- | C] () -- C:\Program Files\294859.dat
[2010/04/12 06:47:44 | 000,000,004 | ---- | C] () -- C:\Program Files\294359.dat
[2010/04/12 03:17:40 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gfgs.lnk
[2010/04/12 02:11:36 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 02:11:02 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to fjljlakfd.lnk
[2010/04/11 23:54:13 | 000,012,936 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\RN1bHtl5c
[2010/04/11 23:54:13 | 000,012,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\RN1bHtl5c
[2010/04/08 18:34:26 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian math induction.doc
[2010/04/08 17:54:07 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\King Faggot.doc
[2010/04/06 22:49:04 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\government federalism hw.doc
[2010/04/04 14:24:43 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\300px-Exodus_006.jpg
[2010/03/29 20:09:08 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\altar server meeting schedule.doc
[2010/03/29 19:36:46 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\altar server meeting flyer 2.doc
[2009/12/29 02:18:41 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/12/20 14:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/12/20 14:57:30 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/11/06 20:28:53 | 000,000,832 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2008/12/30 19:54:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/30 19:54:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/30 19:54:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/30 19:54:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/30 19:54:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/30 19:54:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/12/09 21:16:06 | 000,000,152 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/08 23:33:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\usrsvpia.ini
[2007/08/02 12:28:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2006/12/21 16:24:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/06/23 14:16:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Kbpiano2.ini
[2006/05/19 23:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/03/29 18:20:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/29 17:36:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/04/03 04:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 03:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 03:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 20:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/02 20:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/02 20:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/02 20:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 20:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 20:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 06:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 05:52:33 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 05:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 04:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 04:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 04:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 04:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 04:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 02:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/30 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/01/11 20:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/04/21 06:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/02/20 21:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/08/19 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2008/02/15 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2008/02/15 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2009/12/20 14:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/07/27 19:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2006/09/16 18:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/04/22 16:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/30 18:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/21 03:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/02/16 17:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
[2010/04/21 19:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\B1E0E6B3F0DA66AFAED50F452F6BBC79
[2010/04/21 20:24:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ijjigame
[2008/07/30 18:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/08/09 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/03/13 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/05/29 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2009/12/29 00:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2009/05/29 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2009/12/30 19:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
[2009/11/07 13:45:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\S85-36SDHH18KAS-28920GDSG-BLAZE-672
[2004/04/02 21:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/05/29 16:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009/01/06 02:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/19 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TigerPlayer
[2008/11/15 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/01/16 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/12/29 02:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webcammax
[2010/04/27 07:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\gduxrhue.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/12/21 12:52:34 | 000,000,002 | ---- | M] () -- C:\-1269054478
[2007/08/17 15:17:55 | 000,000,000 | ---- | M] () -- C:\14467218
[2008/01/15 21:21:55 | 000,333,824 | ---- | M] () -- C:\7d81f1415312130.bup
[2008/01/15 21:22:01 | 000,333,824 | ---- | M] () -- C:\7d81f1415381670.bup
[2008/01/15 21:25:39 | 000,006,656 | ---- | M] () -- C:\7d81f1419272de0.bup
[2004/04/02 04:03:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/30 17:10:04 | 000,000,194 | RHS- | M] () -- C:\BOOT.BAK
[2010/04/17 10:59:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008/04/11 16:48:15 | 000,022,526 | ---- | M] () -- C:\check_LSA7.txt
[2007/02/03 18:32:47 | 000,020,827 | ---- | M] () -- C:\Close up.jpg
[2004/02/12 00:25:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2004/04/02 04:03:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/16 16:57:46 | 000,021,263 | ---- | M] () -- C:\debug.log
[2007/04/24 22:08:54 | 000,006,704 | ---- | M] () -- C:\debug.txt
[2008/04/28 21:36:23 | 000,021,302 | ---- | M] () -- C:\drwtsn32.log
[2010/04/27 06:44:22 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2009/12/29 16:06:25 | 000,055,700 | ---- | M] () -- C:\ijjiFFPlugin.log
[2007/11/10 17:10:58 | 001,149,576 | ---- | M] () -- C:\Install
[2004/04/02 04:03:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/11 16:55:46 | 000,003,409 | -H-- | M] () -- C:\IPH.PH
[2004/04/02 04:03:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/28 23:54:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/28 23:54:08 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/27 23:02:49 | 954,204,160 | -HS- | M] () -- C:\pagefile.sys
[2006/03/18 14:49:18 | 000,005,486 | ---- | M] () -- C:\players.txt
[2006/05/22 13:54:05 | 002,139,206 | ---- | M] () -- C:\powerfootball.log
[2006/01/31 19:24:27 | 000,000,000 | ---- | M] () -- C:\sbo.14
[2010/04/18 16:20:51 | 000,000,664 | ---- | M] () -- C:\Security essentials 2010.lnk
[2008/06/24 21:06:47 | 000,000,190 | ---- | M] () -- C:\Shortcut to PRESARIO_RP (D).lnk
[2008/04/18 20:03:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/04/20 13:22:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/04/20 20:11:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/04/20 20:55:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/04/20 20:57:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/04/21 22:36:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/04/22 21:04:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/04/22 21:05:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/04/22 21:49:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/04/22 22:17:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/04/22 22:19:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/04/22 22:22:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/04/22 22:24:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/04/22 22:25:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/04/22 22:26:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/04/22 22:27:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/04/22 22:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/04/22 23:10:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/06/12 19:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/04/18 19:51:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/04/18 20:03:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/04/20 13:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/04/20 20:11:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/04/20 20:55:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/04/20 20:57:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/04/21 22:36:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/04/22 21:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/04/22 21:05:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/04/22 21:49:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/04/22 22:17:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/04/22 22:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/04/22 22:22:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/04/22 22:24:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/04/22 22:25:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/04/22 22:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/04/22 22:27:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/04/22 22:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/04/22 23:10:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/06/12 19:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/04/18 19:51:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006/01/05 17:43:43 | 000,000,299 | -H-- | M] () -- C:\T4Metrics.log
[2007/08/02 12:13:57 | 000,006,144 | -HS- | M] () -- C:\Thumbs.db
[2010/04/15 07:11:19 | 000,000,136 | ---- | M] () -- C:\VundoFix.txt
[2006/05/22 13:43:50 | 000,004,633 | ---- | M] () -- C:\webdriver0.log
[2006/09/29 18:11:07 | 000,002,334 | ---- | M] () -- C:\_Sid.txt
[6 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/04/01 19:55:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/04/01 19:55:44 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/04/01 19:55:44 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Files - Unicode (All) ==========
[2008/02/26 17:51:56 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
[2008/01/15 17:19:29 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
[2007/12/26 15:18:50 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET\Μicrosoft.NET
[2007/12/22 17:36:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/11/26 13:23:42 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
[2006/11/23 13:09:03 | 000,000,000 | ---D | M](C:\WINDOWS\?ecurity) -- C:\WINDOWS\ѕecurity
[2006/11/23 13:06:07 | 000,000,000 | ---D | C](C:\WINDOWS\?ecurity) -- C:\WINDOWS\ѕecurity
[2006/11/23 13:05:35 | 000,000,000 | ---D | M](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
[2006/11/23 12:49:38 | 000,000,000 | ---D | C](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
(C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
(C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
(C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
(C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
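
The OTL listing above repeats a handful of patterns worth pulling out by script rather than by eye: directory names in the "Files - Unicode (All)" section that spell Windows folder names with Cyrillic or Greek look-alike letters (the `?` in the left-hand path is OTL's ASCII rendering of the non-ASCII character), a run of zero-byte `System32\<digits>.exe` files created twenty minutes apart, and hidden+system files with random names and no extension under Application Data. The following Python is an added example, not part of the forum post or of OTL; it parses OTL's `[date time | size | attrs | M/C] (Company) -- path` line format and applies those three heuristics, which are my own and not OTL's. The sample lines are constructed to mirror entries in the log, with the non-ASCII letters written as escapes so the homoglyphs are unambiguous.

```python
"""Triage OTL-style file listing lines for the patterns seen in the posted log.

Heuristics (assumptions of this example, not OTL behaviour):
  1. a path component mixing Latin letters with letters of another script
     (homoglyph directory names such as Cyrillic 's' in 'security');
  2. a zero-byte, purely numeric .exe under \\WINDOWS\\System32;
  3. a hidden+system, extension-less file under an Application Data folder.
"""
import re
import unicodedata
from dataclasses import dataclass

# OTL line: [YYYY/MM/DD HH:MM:SS | size | RHSD flags | M or C] (note) -- path
# The "(note)" is the company name in most sections and the ASCII-rendered
# path in the Unicode section, so it is captured but not interpreted.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"\s*\((?P<note>[^)]*)\) -- (?P<path>.+?)\s*$"
)
NUMERIC_EXE_RE = re.compile(r"\\WINDOWS\\System32\\\d+\.exe$", re.IGNORECASE)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str   # four flag positions: R, H, S, D ('-' when unset)
    kind: str    # 'M' = modified, 'C' = created
    note: str
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "S"

    @property
    def directory(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str):
    """Return an Entry for an OTL file line, or None for headers and other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["note"].strip(), m["path"])


def script_of(ch: str):
    """Script family from the character's Unicode name ('LATIN', 'CYRILLIC', ...)."""
    if not ch.isalpha():
        return None
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def mixed_script_components(path: str):
    """Path components that combine Latin letters with letters from another script."""
    flagged = []
    for comp in path.split("\\"):
        scripts = {script_of(c) for c in comp if c.isalpha()}
        if "LATIN" in scripts and len(scripts) > 1:
            flagged.append(comp)
    return flagged


def triage(entry: Entry):
    """Apply the three heuristics to one entry; returns a list of finding strings."""
    findings = []
    comps = mixed_script_components(entry.path)
    if comps:
        findings.append(f"homoglyph path component(s): {comps}")
    if entry.size == 0 and NUMERIC_EXE_RE.search(entry.path):
        findings.append("zero-byte numerically named executable in System32")
    if (entry.hidden and entry.system and not entry.directory
            and "\\Application Data\\" in entry.path and "." not in entry.name):
        findings.append("hidden+system extension-less file under Application Data")
    return findings


def triage_log(text: str):
    """Parse every line of an OTL report and return (path, findings) for suspicious ones."""
    results = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            findings = triage(entry)
            if findings:
                results.append((entry.path, findings))
    return results


# Constructed sample lines modelled on the posted log (not copied from OTL output).
SAMPLE_LOG = "\n".join([
    "[2010/04/28 05:13:39 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Owner\\Desktop\\OTL.exe",
    "[2010/04/18 18:04:19 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\13317.exe",
    "[2010/04/19 20:42:30 | 000,001,384 | -HS- | M] () -- C:\\Documents and Settings\\All Users\\Application Data\\GSk38k4",
    "[2010/04/17 10:59:41 | 000,000,281 | RHS- | M] () -- C:\\boot.ini",
    "[2006/11/23 13:09:03 | 000,000,000 | ---D | M](C:\\WINDOWS\\?ecurity) -- C:\\WINDOWS\\\u0455ecurity",
    "[2008/01/15 17:19:29 | 000,000,000 | ---D | M](C:\\Program Files\\Common Files\\?icrosoft.NET) -- C:\\Program Files\\Common Files\\\u039cicrosoft.NET",
    "< End of report >",
])

if __name__ == "__main__":
    for path, findings in triage_log(SAMPLE_LOG):
        print(path, "->", "; ".join(findings))
```

Run it over a saved OTL.txt by replacing `SAMPLE_LOG` with the file contents. The mixed-script check is deliberately broad: a legitimate non-English user profile name would be flagged too, so treat hits as leads to inspect rather than verdicts, and give most weight to hits under `C:\WINDOWS` and `C:\Program Files`, where Windows itself never creates such names.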

#4 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 05:47 PM

2. Continued...)

OTL Extras logfile created on: 4/28/2010 5:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 211.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.96 Gb Total Space | 72.73 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.59 Gb Free Space | 14.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURSIQUOT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675
"15331:TCP" = 15331:TCP:*:Enabled:BitComet 15331 TCP
"15331:UDP" = 15331:UDP:*:Enabled:BitComet 15331 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- File not found
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet -- (www.BitComet.com)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}" = ACID Xpress 7.0
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29A41D4C-4843-121B-967E-E6598ED10D90}" = Quick Hit - Football
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3F9B6E1C-C4DC-4127-A5BE-485C5C9D5C8F}" = Mirar
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"0254DF9A-618A-4A2C-A5ED-FA7115988B02" = Word Symphony from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BitComet" = BitComet 1.15
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"Compaq Instant Support" = Compaq Instant Support
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"FL Studio 9" = FL Studio 9
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MpcStar" = MpcStar 4.2
"NVIDIA" =
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1" = Quick Hit - Football
"RealPlayer 6.0" = RealOne Player
"S3" = VIA/S3G Display Driver
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"wcmdmgr.exe" = WildTangent Updater
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========
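
The Security Center and firewall sections of the Extras log above carry several settings worth a second look: AntiVirusOverride and FirewallOverride both set to 1, EnableFirewall 0 with notifications disabled in both profiles, inbound 443/TCP opened to everyone, firewall exceptions for a file that no longer exists and for one with no company name, and a per-user HKCU .exe association that OTL cannot resolve. As an added example (not part of the post or of OTL), here is a parser for OTL's `[key]` / `"name" = value` layout with a triage pass that turns those entries into findings. The sample text is constructed from the lines above, and the choice of which values count as findings is an assumption made for this example, not anything OTL defines.

```python
import re

# Constructed sample assembled from the file-association, Security Center and firewall
# lines of the Extras log above, in OTL's "[key]" / "\"name\" = value" layout.
SAMPLE_EXTRAS = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"15331:TCP" = 15331:TCP:*:Enabled:BitComet 15331 TCP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"""

SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
HKCU_EXT_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>"
EXT_RE = re.compile(r"^(\.\w+) \[@ = (.*?)\] -- (.*)$")   # ".exe [@ = exefile] -- status"


def parse_extras(text: str) -> dict:
    """{registry key: {value name: value text}} from OTL's bracketed-key layout."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
        elif current and line.startswith('"') and " = " in line:
            name, _, value = line.partition(" = ")
            reg[current][name.strip('"')] = value.strip()
        elif current and (m := EXT_RE.match(line)):
            reg[current][m.group(1)] = f"{m.group(2)} -- {m.group(3)}"
    return reg


def triage(reg: dict) -> list:
    """Plain-text findings for the settings a responder would want explained."""
    findings = []
    sc = reg.get(SC_KEY, {})
    if sc.get("AntiVirusOverride") == "1":
        findings.append("Security Center: AntiVirusOverride=1 (a missing or disabled AV no longer raises an alert)")
    if sc.get("FirewallOverride") == "1":
        findings.append("Security Center: FirewallOverride=1 (a disabled firewall no longer raises an alert)")
    for profile in ("DomainProfile", "StandardProfile"):
        p = reg.get(f"{FW_KEY}\\{profile}", {})
        if p.get("EnableFirewall") == "0":
            findings.append(f"{profile}: Windows Firewall disabled")
        if p.get("DisableNotifications") == "1":
            findings.append(f"{profile}: firewall notifications disabled")
        for value in reg.get(f"{FW_KEY}\\{profile}\\GloballyOpenPorts\\List", {}).values():
            # value layout: port:proto:scope:state:description
            port, proto, scope, state, desc = (value.split(":", 4) + [""] * 5)[:5]
            if state == "Enabled":
                tag = " [privileged port]" if port.isdigit() and int(port) < 1024 else ""
                findings.append(f"{profile}: inbound {port}/{proto} open to {scope} ({desc}){tag}")
        for name, value in reg.get(f"{FW_KEY}\\{profile}\\AuthorizedApplications\\List", {}).items():
            _, _, tail = value.rpartition(" -- ")   # OTL appends "-- (Company)" or a status
            if tail == "File not found":
                findings.append(f"{profile}: exception for a file that no longer exists: {name}")
            elif tail == "()":
                findings.append(f"{profile}: exception for a file with no company name in its version info: {name}")
    if ".exe" in reg.get(HKCU_EXT_KEY, {}):
        findings.append(f"HKCU .exe association present ({reg[HKCU_EXT_KEY]['.exe']}): "
                        "a per-user handler overrides the HKLM one, a classic hijack point")
    return findings


if __name__ == "__main__":
    for line in triage(parse_extras(SAMPLE_EXTRAS)):
        print(line)
```

The two Security Center overrides are the reason a box with no working firewall shows no red shield; on a cleaned machine they should be 0 again and EnableFirewall 1 in both profiles, and any exception whose file is gone should be removed rather than left for the next thing that lands at that path.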

#5 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 05:48 PM

#6 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 05:55 PM

3. GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-28 19:40:20
Windows 5.1.2600 Service Pack 2
Running: k6c56yft.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrcipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF478FC08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF478FAC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF4790078]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF478FFA2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF478F69A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF478FB9E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF478F5DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF478F63E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF478FCBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF4790146]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF478FC7E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF478FDFE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF479C50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF479C32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF479C468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 80564423 2 Bytes JMP F479997E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObInsertObject + 3 80564426 2 Bytes [23, 74]
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP F479C332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581EFE 7 Bytes JMP F479C50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP F47984AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A40FA 7 Bytes JMP F479C46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\System32\drivers\afd.sys entry point in ".rsrc" section [0xF492CC14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\WINDOWS\System32\svchost.exe[2340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[2340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[2340] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0078000C
.text C:\WINDOWS\System32\svchost.exe[2340] USER32.dll!GetCursorPos 7E41BD76 3 Bytes JMP 00CD000A
.text C:\WINDOWS\System32\svchost.exe[2340] USER32.dll!GetCursorPos + 4 7E41BD7A 1 Byte [82]
.text C:\WINDOWS\System32\svchost.exe[2340] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00CC000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84879AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\drivers\afd.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


4. There are still popups, no sound, and Google redirect. Sometimes the computer slows down for a few seconds too.

#7 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 05:57 PM

For some reason I can't post all of my Extras log because it gives me an error when I try to post.

#8 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 28 April 2010 - 06:06 PM

Hello,

Don't worry about the rest of the Extras log. I have what I need for right now.


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 7171
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKCU..\Run: [Aim6] c:\program files\aim6\aim6 .exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2010/04/12 02:05:35 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\m8x4RF7CC.exe
    [2010/04/12 02:03:58 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\fjljlakfd.exe
    [6 C:\*.tmp files -> C:\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [20 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [2010/04/28 05:13:24 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\k6c56yft.exe
    [2010/04/27 07:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\gduxrhue.job
    [2010/04/20 22:12:26 | 048,417,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
    [2010/04/20 22:11:00 | 046,664,160 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\avinstall.exe
    [2010/04/20 22:10:39 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_114_cnet.exe
    [2010/04/20 22:08:22 | 044,089,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
    [2010/04/20 22:07:53 | 010,702,992 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\fwinstall.exe
    [2010/04/20 22:06:36 | 009,017,408 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\tfinstall.exe
    [2010/04/20 21:57:53 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\791403268.dat
    [2010/04/19 20:42:30 | 000,001,384 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\GSk38k4
    [2010/04/18 18:04:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13317.exe
    [2010/04/18 17:44:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18205.exe
    [2010/04/18 17:24:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21791.exe
    [2010/04/18 17:04:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30265.exe
    [2010/04/18 16:44:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25876.exe
    [2010/04/12 18:58:23 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\RN1bHtl5c
    [2010/04/12 18:58:23 | 000,012,936 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\RN1bHtl5c
    [2010/04/12 07:07:48 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1506408538
    [2010/04/12 07:07:48 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1506408538
    [2010/04/12 06:47:45 | 000,000,004 | ---- | M] () -- C:\Program Files\294859.dat
    [2010/04/12 06:47:44 | 000,000,004 | ---- | M] () -- C:\Program Files\294359.dat
    [2010/04/12 03:17:40 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gfgs.lnk
    [2010/04/12 02:11:03 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to fjljlakfd.lnk
    [2010/04/12 02:05:35 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\m8x4RF7CC.exe
    [2010/04/12 02:04:03 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\fjljlakfd.exe
    [2010/04/28 05:13:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\k6c56yft.exe
    [2010/04/12 06:47:46 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1506408538
    [2010/04/12 06:47:46 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1506408538
    [2010/04/12 06:47:45 | 000,000,004 | ---- | C] () -- C:\Program Files\294859.dat
    [2010/04/12 06:47:44 | 000,000,004 | ---- | C] () -- C:\Program Files\294359.dat
    [2010/04/12 03:17:40 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gfgs.lnk
    [2010/04/12 02:11:02 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to fjljlakfd.lnk
    [2010/04/11 23:54:13 | 000,012,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\RN1bHtl5c
    [2010/04/27 07:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\gduxrhue.job
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Files
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]


  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:



Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTL fix.
3. The log that was produced after running the ComboFix scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
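
The OTL fix above targets three artefacts that are easy to overlook when reading a log by eye: folder names spelled with look-alike letters from another alphabet (the entries OTL's [purity] command moves, such as a "ѕecurity" folder whose first letter is Cyrillic), executables with whitespace wedged in front of the extension ("regsvr32 .exe" is not regsvr32.exe), and a browser proxy pointing back at the local machine (localhost:7171), which is how the search redirects are done. The script below is an added example written for this page; it is not part of the forum post and not code from OTL or ComboFix. It runs entirely on constructed sample paths and a constructed proxy dictionary modelled on the thread's logs, reads nothing from a live registry or disk, and uses the first word of each Unicode character name as a stand-in for the character's script.

```python
"""Offline audit for the three artefacts the OTL fix targets:
   1. directory names built from look-alike letters, e.g. Cyrillic dze in 'ѕecurity'
   2. executables with whitespace before the extension, e.g. 'regsvr32 .exe'
   3. a browser proxy that points back at the local machine (localhost:7171)
All input below is constructed for the example; nothing is read from a real host."""
import unicodedata
from pathlib import PureWindowsPath

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def script_of(ch):
    """First word of the Unicode name, which for letters is the script ('LATIN', 'CYRILLIC', 'GREEK', ...)."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def mixed_script_components(path):
    """Path components that mix Latin letters with letters from another script.
    A genuine Windows or vendor folder is all Latin; one Cyrillic or Greek letter dropped in
    yields a visually identical but distinct directory. Returns [(component, [other scripts])]."""
    findings = []
    for comp in PureWindowsPath(path).parts:
        scripts = {script_of(c) for c in comp if c.isalpha()}
        if "LATIN" in scripts and len(scripts) > 1:
            findings.append((comp, sorted(scripts - {"LATIN"})))
    return findings


def padded_extension(path):
    """True when whitespace sits between the stem and the extension ('aim6  .exe', 'qttask\t .exe').
    Such a file is a different file from the real one but looks the same in most listings."""
    stem, dot, _ext = PureWindowsPath(path).name.rpartition(".")
    return bool(dot) and stem != stem.rstrip()


def local_proxy_findings(internet_settings):
    """Flag an enabled proxy whose target is the local host: a malicious local listener then sees
    and rewrites every browser request. ProxyServer is 'host:port' or ';'-separated 'scheme=host:port'."""
    if not internet_settings.get("ProxyEnable"):
        return []
    findings = []
    for entry in str(internet_settings.get("ProxyServer", "")).split(";"):
        scheme, eq, target = entry.partition("=")
        if not eq:                      # bare 'host:port' applies to every scheme
            scheme, target = "all", scheme
        host, _, port = target.strip().rpartition(":")
        if host.strip().strip("[]").lower() in LOCAL_HOSTS:
            findings.append(f"{scheme} proxy -> {host}:{port}")
    return findings


def audit_paths(paths):
    """Map each flagged path to the reasons it was flagged; clean paths are omitted."""
    report = {}
    for p in paths:
        issues = [f"mixed-script name {comp!r} ({', '.join(s)})" for comp, s in mixed_script_components(p)]
        if padded_extension(p):
            issues.append("whitespace before extension")
        if issues:
            report[p] = issues
    return report


# Constructed sample modelled on the thread's OTL and ComboFix entries (not taken from a real host).
SAMPLE_PATHS = [
    "C:\\WINDOWS\\\u0455ecurity",                          # Cyrillic dze (U+0455) for Latin 's'
    "C:\\Program Files\\Common Files\\\u039cicrosoft.NET",  # Greek capital mu (U+039C) for Latin 'M'
    "C:\\WINDOWS\\security",                              # the genuine folder
    "c:\\windows\\system32\\regsvr32 .exe",               # space before the extension
    "c:\\windows\\system32\\regsvr32.exe",                # the genuine binary
    "c:\\program files\\QuickTime\\qttask\t\t .exe",      # tabs and a space before the extension
    "C:\\Users\\R\u00e9sum\u00e9\\notes.txt",             # accented Latin only: not flagged
]
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "http=localhost:7171", "ProxyOverride": "*.local;<local>"}

if __name__ == "__main__":
    for path, reasons in audit_paths(SAMPLE_PATHS).items():
        print(path, "->", "; ".join(reasons))
    print(local_proxy_findings(SAMPLE_PROXY))
```

On a real machine the path list would come from walking %SystemRoot% and %ProgramFiles% and the proxy dictionary from reading HKLM and HKCU Internet Settings (and Firefox's prefs.js); the checks themselves do not change. Accented Latin names are deliberately left alone, since the signal is a mix of scripts inside one name, not non-ASCII as such.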

#9 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 07:20 PM

1. So what now?



2. All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 7171 removed from network.proxy.http_port
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Owner\Desktop\m8x4RF7CC.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\fjljlakfd.exe moved successfully.
C:\3.tmp deleted successfully.
C:\41.tmp deleted successfully.
C:\5.tmp deleted successfully.
C:\6.tmp deleted successfully.
C:\7.tmp deleted successfully.
C:\8.tmp deleted successfully.
C:\WINDOWS\002226_.tmp deleted successfully.
C:\WINDOWS\002300_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0001.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0003.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0004.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0331.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0362.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0370.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0465.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0561.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL0913.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL1070.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL1568.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL1908.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL2010.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL2112.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL2238.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL2511.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL2575.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL3227.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL3829.tmp deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL3873.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\Fonts\uninst58.tmp deleted successfully.
C:\Documents and Settings\Owner\Desktop\k6c56yft.exe moved successfully.
C:\WINDOWS\tasks\gduxrhue.job moved successfully.
C:\Documents and Settings\Owner\Desktop\setup_av_free.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\avinstall.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_114_cnet.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\fwinstall.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\tfinstall.exe moved successfully.
C:\WINDOWS\system32\791403268.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\GSk38k4 moved successfully.
C:\WINDOWS\system32\13317.exe moved successfully.
C:\WINDOWS\system32\18205.exe moved successfully.
C:\WINDOWS\system32\21791.exe moved successfully.
C:\WINDOWS\system32\30265.exe moved successfully.
C:\WINDOWS\system32\25876.exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RN1bHtl5c moved successfully.
C:\Documents and Settings\All Users\Application Data\RN1bHtl5c moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\1506408538 moved successfully.
C:\Documents and Settings\All Users\Application Data\1506408538 moved successfully.
C:\Program Files\294859.dat moved successfully.
C:\Program Files\294359.dat moved successfully.
C:\Documents and Settings\Owner\Desktop\gfgs.lnk moved successfully.
C:\Documents and Settings\Owner\Desktop\Shortcut to fjljlakfd.lnk moved successfully.
File C:\Documents and Settings\Owner\Desktop\m8x4RF7CC.exe not found.
File C:\Documents and Settings\Owner\Desktop\fjljlakfd.exe not found.
File C:\Documents and Settings\Owner\Desktop\k6c56yft.exe not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\1506408538 not found.
File C:\Documents and Settings\All Users\Application Data\1506408538 not found.
File C:\Program Files\294859.dat not found.
File C:\Program Files\294359.dat not found.
File C:\Documents and Settings\Owner\Desktop\gfgs.lnk not found.
File C:\Documents and Settings\Owner\Desktop\Shortcut to fjljlakfd.lnk not found.
File C:\Documents and Settings\All Users\Application Data\RN1bHtl5c not found.
File C:\WINDOWS\Tasks\gduxrhue.job not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
C:\WINDOWS\ѕecurity folder moved successfully.
C:\WINDOWS\ѕуmbols folder moved successfully.
C:\Program Files\Common Files\Mіcrosoft.NET folder moved successfully.
C:\Program Files\Common Files\Μicrosoft.NET\Μicrosoft.NET folder moved successfully.
C:\Program Files\Common Files\Μicrosoft.NET folder moved successfully.
C:\Program Files\Common Files\sеcurity folder moved successfully.
C:\Program Files\Common Files\ѕymbols folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes

User: Guest
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 339821 bytes
->Temporary Internet Files folder emptied: 14975090 bytes
->Flash cache emptied: 14183 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 96502 bytes
->Flash cache emptied: 22128 bytes

User: Owner
->Temp folder emptied: 99627 bytes
->Temporary Internet Files folder emptied: 2626067 bytes
->Java cache emptied: 52474191 bytes
->FireFox cache emptied: 40279023 bytes
->Flash cache emptied: 2372512 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35848111 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23982646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1306700 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04282010_201623

Files\Folders moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WT6781AB\ShootingGallery4[1].png moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1UROHYZ\favicon[1].ico moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PQN09AB\1264808[1].xml moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PQN09AB\program_info;sz=535x75;ord=1272387930953[1].asx moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\fla110.tmp not found!
File\Folder C:\WINDOWS\temp\fla3F.tmp not found!

Registry entries deleted on Reboot...




3. ComboFix 10-04-28.03 - Owner 04/28/2010 20:34:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.212 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\Owner\Application Data\B1E0E6B3F0DA66AFAED50F452F6BBC79
c:\documents and settings\Owner\Application Data\B1E0E6B3F0DA66AFAED50F452F6BBC79\enemies-names.txt
c:\documents and settings\Owner\Application Data\B1E0E6B3F0DA66AFAED50F452F6BBC79\lsrslt.ini
c:\documents and settings\Owner\Application Data\iniasd.txt
c:\progra~1\COMMON~1\{B45BC~1
c:\recycler\S-1-5-21-2857506692-3657068529-1952210963-1003
c:\recycler\S-1-5-21-2857506692-3657068529-1952210963-500
c:\recycler\S-1-5-21-3049333205-1056798015-1285688041-1003
c:\recycler\S-1-5-21-3049333205-1056798015-1285688041-500
c:\recycler\S-1-5-21-4245372200-3720798831-4117357717-1003
c:\temp\0c2
c:\temp\0c2\tmpFF.log
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\brr
c:\temp\brr\tmpZTF.log
c:\temp\tn3
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Fonts\a.zip
c:\windows\system32\576749190.dat
c:\windows\system32\regsvr32 .exe
c:\windows\system32\vttimer .exe
c:\windows\system32\wininit.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MNMSRVCSCARDSVRSHELLHWDETECTION
-------\Legacy_PRAGMARTFPOVFQHE
-------\Legacy_SCARDSVRSHELLHWDETECTION
-------\Legacy_STISVCSHELLHWDETECTION
-------\Service_6to4
-------\Service_mnmsrvcSCardSvrShellHWDetection
-------\Service_PRAGMArtfpovfqhe
-------\Service_SCardSvrShellHWDetection
-------\Service_stisvcShellHWDetection


((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 00:16 . 2010-04-29 00:16 -------- d-----w- C:\_OTL
2010-04-27 21:12 . 2010-04-27 21:12 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-04-22 19:48 . 2010-04-22 21:51 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-04-22 19:48 . 2010-04-22 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-21 10:07 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-21 10:07 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-21 10:07 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-21 10:07 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-21 10:07 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-21 10:07 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-21 10:07 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-21 10:06 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-21 10:06 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-21 10:06 . 2010-04-21 10:06 -------- d-----w- c:\program files\Alwil Software
2010-04-21 10:06 . 2010-04-21 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-21 02:11 . 2010-04-21 02:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-21 02:11 . 2010-04-21 02:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-04-20 23:55 . 2010-04-20 23:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ares
2010-04-19 01:32 . 2010-04-19 01:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2010-04-17 03:11 . 2010-04-17 03:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-04-15 23:16 . 2010-04-16 00:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-14 02:58 . 2010-04-14 02:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-04-13 23:13 . 2010-04-14 12:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-04-13 21:22 . 2010-04-13 21:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AOL OCP
2010-04-13 21:22 . 2010-04-13 21:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AOL
2010-04-13 21:11 . 2010-04-13 21:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2010-04-13 10:32 . 2010-04-13 10:32 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-12 10:47 . 2010-04-12 10:47 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-12 06:11 . 2010-04-12 06:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-12 06:11 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 06:11 . 2010-04-23 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 06:11 . 2010-04-12 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-12 06:11 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 20:43 . 2008-12-21 18:30 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-04-22 20:07 . 2007-04-11 21:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-22 00:24 . 2009-02-22 18:07 -------- d--h--w- c:\documents and settings\Owner\Application Data\ijjigame
2010-04-21 23:24 . 2004-04-02 10:04 -------- d-----w- c:\program files\QuickTime
2010-04-21 23:24 . 2009-12-29 07:16 -------- d-----w- c:\program files\Microsoft LifeCam
2010-04-21 23:24 . 2006-12-10 03:19 -------- d-----w- c:\program files\AIM6
2010-04-21 10:26 . 2004-04-03 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-21 10:15 . 2004-04-03 08:04 -------- d-----w- c:\program files\Symantec
2010-04-21 10:14 . 2004-04-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-17 15:27 . 2009-12-29 08:26 375032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-17 13:25 . 2010-02-12 01:01 -------- d-----w- c:\program files\Image-Line
2010-03-26 14:33 . 2010-04-29 00:14 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-29 00:14 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-29 00:14 339456 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-29 00:14 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-22 04:33 . 2006-11-27 22:10 -------- d-----w- c:\program files\BitComet
2010-03-14 00:16 . 2008-12-30 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 23:21 . 2008-06-22 06:02 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-03-06 03:35 . 2009-10-11 00:25 44232 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 16:55 . 2009-04-25 23:38 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-07 20:59 . 2009-10-06 03:35 69 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
2010-02-07 20:59 . 2008-09-21 20:29 39 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-10-04 14:28 . 2009-10-04 14:28 11775 ----a-w- c:\program files\Common Files\zyruqykux.bat
2009-10-04 14:28 . 2009-10-04 14:28 11360 ----a-w- c:\program files\Common Files\ylutov.dll
2009-10-04 14:28 . 2009-10-04 14:28 11180 ----a-w- c:\program files\Common Files\eboxijanoh.ban
2009-10-04 14:28 . 2009-10-04 14:28 10252 ----a-w- c:\program files\Common Files\afomufoxer.ban
2006-01-16 01:51 . 2006-01-16 01:51 560 ----a-w- c:\program files\Global.sw
.
<pre>
c:\program files\AIM6\aim6  .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft LifeCam\lifeexp .exe
c:\program files\QuickTime\qttask							 .exe
c:\windows\PCHealth\HelpCtr\Binaries\msconfig .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-29 03:02 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^scandisk.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
backup=c:\windows\pss\scandisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYSDLL]
SYSDLL [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
c:\program files\internet explorer\wmpscfgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 14:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
c:\program files\AIM6\aim6.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc]
c:\windows\system32\calc.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-08 00:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-01 21:51 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
c:\hp\KBD\KBD.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
c:\program files\Microsoft LifeCam\LifeExp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
c:\program files\Common Files\Symantec Shared\CfgWiz.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 04:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-12-18 07:31 118784 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-18 17:39 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-29 03:02 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-04-02 09:43 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
2003-09-23 23:49 20480 ----a-w- c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"15331:TCP"= 15331:TCP:BitComet 15331 TCP
"15331:UDP"= 15331:UDP:BitComet 15331 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/21/2010 6:07 AM 162768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/21/2010 6:07 AM 19024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/30/2008 6:39 PM 24652]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/29/2009 12:45 AM 30560]
S0 aybupech;aybupech; [x]
S2 mrtRate;mrtRate; [x]
S2 SCardDrvSAVScan;Smart Card Helper SCardDrvSAVScan;c:\windows\System32\adsntb.exe srv --> c:\windows\System32\adsntb.exe srv [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\System32\GameMon.des -service --> c:\windows\System32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]

2010-04-23 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-19 04:42]

2004-04-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-04-03 08:17]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3F9B6E1C-C4DC-4127-A5BE-485C5C9D5C8F} - c:\windows\system32\3578.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 20:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\System32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-04-28 21:03:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-29 01:03

Pre-Run: 96,563,539,968 bytes free
Post-Run: 99,858,227,200 bytes free

- - End Of File - - A0340E5CD7DF3E8BF3CAE7763B3C1EFC


4. Google redirecting virus is fixed!! Thank you! And I haven't had a pop-up yet.. However, my sound is still not working, but maybe the volume control will show up after rebooting again.

#10 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 28 April 2010 - 07:27 PM

Hello,

Glad to hear that the Google redirect issue is fixed. We still have some additional work to do. It's getting late on my end, so this will be my last post to you for the evening. I should have new instructions for you tomorrow sometime.

ST.

#11 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 28 April 2010 - 08:45 PM

I realized that I can actually hear sounds now and can access volume control from Control Panel; I just don't have the icon in the taskbar (it's been gone since this virus thing started).

#12 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 29 April 2010 - 08:50 AM

Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::

Collect::
c:\program files\Common Files\zyruqykux.bat
c:\program files\Common Files\ylutov.dll
c:\program files\Common Files\eboxijanoh.ban
c:\program files\Common Files\afomufoxer.ban
c:\windows\System32\adsntb.exe srv

Driver::
aybupech
mrtRate
SCardDrvSAVScan

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYSDLL]

RenV::
c:\program files\AIM6\aim6  .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft LifeCam\lifeexp .exe
c:\program files\QuickTime\qttask							 .exe
c:\windows\PCHealth\HelpCtr\Binaries\msconfig .exe


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware

  • Select the Update tab

  • Click Check for Updates

  • After the update has been completed, select the Scanner tab.

  • Select Perform quick scan, then click on Scan

  • Leave the default options as they are and click on Start Scan

  • When done, you will be prompted. Click OK, then click on Show Results

  • Check (tick) all items and click on Remove Selected

  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    • You may need two posts to fit them both in.



NEXT:



Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix fix.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The logs that were produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
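Added example (not part of this thread, and not ComboFix's or OTL's own logic): a small Python triage script that reads a constructed excerpt in the format of the ComboFix log posted above and flags the kinds of lines a helper looks at first: msconfig startupreg entries whose file is reported `[N/A]`, the Security Center `AntiVirusOverride`/`FirewallOverride` values, a standard-profile firewall that is switched off with notifications suppressed, services registered with no image (`[x]`) or an unverified one (`[?]`), and file names with whitespace before `.exe` of the kind listed under `RenV::` in the script above. The function and field names are my own assumptions, and the sample lines are constructed after the entries on this page.

```python
import re

# Constructed ComboFix-style excerpt mirroring the entries in the logs above
# (msconfig startupreg entries, Security Center overrides, firewall policy,
# and R*/S* service lines). Sample data, not a real scan.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
c:\program files\internet explorer\wmpscfgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc]
c:\windows\system32\calc.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/21/2010 6:07 AM 162768]
S0 aybupech;aybupech; [x]
S2 SCardDrvSAVScan;Smart Card Helper SCardDrvSAVScan;c:\windows\System32\adsntb.exe srv --> c:\windows\System32\adsntb.exe srv [?]
"""

# Constructed names in the style of the RenV:: list: whitespace before ".exe".
RENV_SAMPLE = [
    "c:\\program files\\AIM6\\aim6  .exe",
    "c:\\program files\\QuickTime\\qttask\t\t .exe",
    "c:\\program files\\Messenger\\msmsgs.exe",   # clean name, must not be flagged
]

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9A-Fa-f]+)')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
EXT_WS_RE = re.compile(r"\S\s+\.[^\s.\\]+$")


def parse_log(text):
    """Split the excerpt into registry sections (key -> value lines) and service records."""
    sections, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = None  # the service block ends the registry dump
            services.append({"start": m.group(1), "name": m.group(2), "image": m.group(4).strip()})
            continue
        if current is not None:
            sections[current].append(line)
    return sections, services


def has_whitespace_before_extension(path):
    """True for names like 'aim6  .exe' where blanks or tabs sit before the extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return bool(EXT_WS_RE.search(name))


def renamed_executables(paths):
    """Return the entries that would need restoring (the RenV:: candidates)."""
    return [p for p in paths if has_whitespace_before_extension(p)]


def triage(text):
    """Return (kind, subject, detail) findings worth a closer look; not verdicts."""
    sections, services = parse_log(text)
    findings = []
    for key, lines in sections.items():
        low = key.lower()
        if "\\startupreg\\" in low:
            entry = key.rsplit("\\", 1)[1]
            for line in lines:
                if line.endswith("[N/A]"):  # autostart pointing at a missing file
                    findings.append(("autostart-missing-file", entry, line[:-5].strip()))
        elif low.endswith("\\security center"):
            for m in filter(None, map(VALUE_RE.match, lines)):
                if m.group(1) in ("AntiVirusOverride", "FirewallOverride") and int(m.group(2), 16):
                    findings.append(("security-center-override", m.group(1), str(int(m.group(2), 16))))
        elif low.endswith("firewallpolicy\\standardprofile"):
            for m in filter(None, map(VALUE_RE.match, lines)):
                name, val = m.group(1), int(m.group(2), 16)
                if name == "EnableFirewall" and val == 0:
                    findings.append(("firewall-disabled", name, str(val)))
                if name == "DisableNotifications" and val != 0:
                    findings.append(("firewall-notifications-disabled", name, str(val)))
    for svc in services:
        if svc["image"] == "[x]":  # registered service with no image at all
            findings.append(("service-no-image", svc["name"], svc["start"]))
        elif svc["image"].endswith("[?]"):  # image path the scanner could not verify
            findings.append(("service-unverified-image", svc["name"], svc["image"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:32} {subject:20} {detail}")
    for path in renamed_executables(RENV_SAMPLE):
        print(f"{'whitespace-before-extension':32} {path!r}")
```

A finding here is a prompt to look, not a verdict: an `[N/A]` autostart can be the leftover of an ordinary uninstall, and a third-party security suite may set the Security Center override values itself. The whitespace check is the one item that rarely has an innocent explanation, which is why a file name such as `aim6  .exe` is worth a second look on its own.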

#13 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 29 April 2010 - 08:25 PM

1. I did the ComboFix scan, and left the computer on while it was running. My dad saw the scan was complete and closed the window after it was done, so I did not get a chance to save the log. What should I do about this? However, I'll continue with the rest of the steps..

#14 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 30 April 2010 - 04:27 AM

2. no log available, my dad closed it

3. Malwarebytes found nothing

4. C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AUD trojan
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent trojan
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe probably a variant of Win32/Agent trojan
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe probably a variant of Win32/Agent trojan
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir Win32/TrojanDropper.VB.NAI trojan
C:\VundoFix Backups\kjkkj.bak1.bad Win32/Adware.Virtumonde.NEO application
C:\VundoFix Backups\kjkkj.ini.bad Win32/Adware.Virtumonde.NEO application
C:\VundoFix Backups\ttvwa.ini.bad Win32/Adware.Virtumonde.NEO application

#15 charles blake

  • Group: Member
  • Posts: 19
  • Joined: 27-April 10

Posted 30 April 2010 - 04:38 AM

5. OTL logfile created on: 4/30/2010 6:30:09 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 74.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.96 Gb Total Space | 92.72 Gb Free Space | 63.96% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.59 Gb Free Space | 14.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURSIQUOT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc10.exe (HP)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {0A328249-98DF-476C-9D25-3853C961DAB9}:1.0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 17:12:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 12:57:50 | 000,000,000 | ---D | M]

[2008/12/02 17:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/29 20:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions
[2009/12/29 10:12:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 20:14:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/07 14:57:28 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/12/16 17:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/16 18:14:59 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bsjzbvga.default\searchplugins\ask.xml
[2010/04/29 20:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 17:31:27 | 000,000,000 | ---D | M] (SpaceQuery) -- C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}
[2006/09/29 16:44:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/05/20 01:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/01/28 23:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/06/01 17:51:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/10/09 22:56:29 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/29 18:56:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 04:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/30 15:56:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/29 22:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/29 19:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/29 18:45:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/28 20:27:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/28 20:27:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/28 20:27:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/28 20:27:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/28 20:27:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/28 20:26:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/28 20:16:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/28 05:13:38 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/23 04:33:34 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/04/22 15:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2010/04/22 15:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/22 01:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\XDelBox
[2010/04/21 06:07:41 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/21 06:07:40 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/21 06:07:35 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/21 06:07:33 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/21 06:07:26 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/21 06:07:26 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/21 06:07:24 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/21 06:06:16 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/21 06:06:16 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/21 06:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/21 06:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/20 22:19:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Brian's Virus Removal
[2010/04/20 22:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/04/20 22:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/04/20 19:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ares
[2010/04/18 21:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2010/04/17 03:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/16 23:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/04/15 19:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/15 19:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/13 22:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2010/04/13 19:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2010/04/13 17:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP
[2010/04/13 17:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL
[2010/04/13 17:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/04/13 00:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/13 00:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/12 02:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/12 02:11:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 02:11:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 02:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/12 02:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/04/29 22:43:17 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/04/29 18:56:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/29 18:56:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/29 18:47:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/29 18:47:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/29 18:47:05 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/29 18:46:11 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/04/29 18:46:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/29 18:32:10 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 3.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:24:42 | 003,923,072 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/04/28 20:10:20 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 2.doc
[2010/04/28 19:51:22 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Animas one touch pump.doc
[2010/04/28 05:13:39 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/27 21:04:57 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 1.doc
[2010/04/26 19:28:45 | 002,246,557 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ACT-So 2009 043.jpg
[2010/04/26 19:28:42 | 000,055,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ACTSO30+084.jpg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 19:39:49 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 20.doc
[2010/04/23 19:39:43 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab #15.doc
[2010/04/23 15:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job
[2010/04/23 07:47:47 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\List of St. Jerome Bible Class.doc
[2010/04/23 05:20:45 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\government homework april 22.doc
[2010/04/23 04:33:34 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/04/22 01:17:49 | 000,899,695 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XDelBox.zip
[2010/04/22 01:03:24 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian boursiquot resume.doc
[2010/04/22 01:02:22 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\workshop physical.doc
[2010/04/22 00:45:24 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian rotary finch.doc
[2010/04/22 00:40:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian rotary speech.doc
[2010/04/21 06:07:44 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/21 06:07:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/20 23:59:06 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BAB.doc
[2010/04/20 23:49:25 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My quotes.doc
[2010/04/20 23:08:06 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dear Venus.doc
[2010/04/20 06:49:41 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\government hw april 19.doc
[2010/04/19 01:14:47 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\naacp actso Brief Autobiography of Brian Boursiquot.doc
[2010/04/19 01:08:33 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian rotary scholarship.doc
[2010/04/18 20:03:39 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\naacp actso 2009.doc
[2010/04/18 16:20:51 | 000,000,664 | ---- | M] () -- C:\Security essentials 2010.lnk
[2010/04/17 22:38:50 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mottos.doc
[2010/04/17 19:50:15 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\beak lab.doc
[2010/04/17 14:38:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 16.doc
[2010/04/17 14:18:55 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 17.doc
[2010/04/17 13:42:47 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 13.doc
[2010/04/17 12:34:38 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$mottos.doc
[2010/04/17 12:04:27 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 10.doc
[2010/04/17 10:59:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/17 10:59:41 | 000,000,021 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/16 22:03:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lab # 9.doc
[2010/04/16 18:10:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/16 06:41:16 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\physics lenses and mirrors.doc
[2010/04/15 22:20:48 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brendan Boursiquot 4.doc
[2010/04/15 20:38:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ak lab.doc
[2010/04/14 21:11:44 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\punnett lab.doc
[2010/04/14 20:42:48 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blood lab.doc
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/13 18:14:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian nhs.doc
[2010/04/13 18:06:34 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian nhs 2.doc
[2010/04/13 13:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/12 06:49:37 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/12 06:47:56 | 000,008,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/04/11 15:32:47 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brian Boursiquot scholarship negro.doc
[2010/04/11 15:30:18 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brian Boursiquot csea.doc
[2010/04/11 14:32:08 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\shawny.doc
[2010/04/08 22:55:41 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\King Faggot.doc
[2010/04/08 18:39:21 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brian math induction.doc
[2010/04/07 23:06:05 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\government federalism hw.doc
[2010/04/04 14:24:58 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\300px-Exodus_006.jpg
[2010/04/02 19:28:51 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\altar server meeting schedule.doc
[2010/04/02 19:25:33 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\altar server meeting flyer 2.doc

========== Files Created - No Company Name ==========

[2010/04/29 22:43:10 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/04/29 18:32:09 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 3.doc
[2010/04/28 20:27:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/28 20:27:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/28 20:27:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/28 20:27:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/28 20:27:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/28 20:24:34 | 003,923,072 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/04/28 20:10:20 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 2.doc
[2010/04/28 19:51:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Animas one touch pump.doc
[2010/04/27 21:04:56 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian virus instructions 1.doc
[2010/04/26 19:28:41 | 000,055,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ACTSO30+084.jpg
[2010/04/26 19:28:37 | 002,246,557 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ACT-So 2009 043.jpg
[2010/04/23 19:39:15 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab #15.doc
[2010/04/23 05:20:36 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\government homework april 22.doc
[2010/04/22 01:17:44 | 000,899,695 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XDelBox.zip
[2010/04/21 23:57:55 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian rotary speech.doc
[2010/04/21 23:11:54 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian rotary finch.doc
[2010/04/21 06:07:44 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/21 05:48:48 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\workshop physical.doc
[2010/04/20 20:58:30 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dear Venus.doc
[2010/04/20 06:49:41 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\government hw april 19.doc
[2010/04/19 20:42:29 | 000,001,384 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\GSk38k4
[2010/04/19 01:08:33 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian rotary scholarship.doc
[2010/04/18 20:36:43 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\naacp actso Brief Autobiography of Brian Boursiquot.doc
[2010/04/18 16:20:23 | 000,000,664 | ---- | C] () -- C:\Security essentials 2010.lnk
[2010/04/17 14:38:31 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 16.doc
[2010/04/17 14:18:55 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 17.doc
[2010/04/17 14:01:42 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 20.doc
[2010/04/17 13:42:47 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 13.doc
[2010/04/17 12:34:38 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$mottos.doc
[2010/04/17 12:04:26 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 10.doc
[2010/04/16 22:45:51 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\mottos.doc
[2010/04/16 22:03:30 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lab # 9.doc
[2010/04/16 05:09:43 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\physics lenses and mirrors.doc
[2010/04/15 22:20:45 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brendan Boursiquot 4.doc
[2010/04/15 20:38:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ak lab.doc
[2010/04/14 21:26:49 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\beak lab.doc
[2010/04/14 21:11:44 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\punnett lab.doc
[2010/04/14 20:04:29 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blood lab.doc
[2010/04/13 18:06:34 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian nhs 2.doc
[2010/04/12 23:09:25 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian nhs.doc
[2010/04/12 02:11:36 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 18:34:26 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brian math induction.doc
[2010/04/08 17:54:07 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\King Faggot.doc
[2010/04/06 22:49:04 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\government federalism hw.doc
[2010/04/04 14:24:43 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\300px-Exodus_006.jpg
[2009/12/29 02:18:41 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/12/20 14:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/12/20 14:57:30 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2008/12/30 19:54:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/30 19:54:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/30 19:54:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/30 19:54:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/30 19:54:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/30 19:54:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/12/09 21:16:06 | 000,000,152 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/08 23:33:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\usrsvpia.ini
[2007/08/02 12:28:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2006/12/21 16:24:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/06/23 14:16:05 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Kbpiano2.ini
[2006/05/19 23:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/03/29 18:20:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/29 17:36:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/04/03 04:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 03:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 03:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 20:19:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/04/02 20:18:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/04/02 20:18:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/04/02 20:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 20:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 20:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 06:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 05:52:33 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 05:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 04:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 04:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 04:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 04:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 04:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 02:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/30 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/01/11 20:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/04/21 06:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/02/20 21:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/08/19 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2008/02/15 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2008/02/15 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2009/12/20 14:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/07/27 19:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2006/09/16 18:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/04/22 16:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/30 18:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/21 03:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/02/16 17:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
[2010/04/21 20:24:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\ijjigame
[2008/07/30 18:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/08/09 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/03/13 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/05/29 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2009/12/29 00:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2009/05/29 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2009/12/30 19:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
[2009/11/07 13:45:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\S85-36SDHH18KAS-28920GDSG-BLAZE-672
[2004/04/02 21:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/05/29 16:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009/01/06 02:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/19 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TigerPlayer
[2008/11/15 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/01/16 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/12/29 02:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webcammax

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/12/21 12:52:34 | 000,000,002 | ---- | M] () -- C:\-1269054478
[2007/08/17 15:17:55 | 000,000,000 | ---- | M] () -- C:\14467218
[2008/01/15 21:21:55 | 000,333,824 | ---- | M] () -- C:\7d81f1415312130.bup
[2008/01/15 21:22:01 | 000,333,824 | ---- | M] () -- C:\7d81f1415381670.bup
[2008/01/15 21:25:39 | 000,006,656 | ---- | M] () -- C:\7d81f1419272de0.bup
[2004/04/02 04:03:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/30 17:10:04 | 000,000,194 | RHS- | M] () -- C:\BOOT.BAK
[2010/04/17 10:59:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2007/02/03 18:32:47 | 000,020,827 | ---- | M] () -- C:\Close up.jpg
[2004/02/12 00:25:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2010/04/29 19:02:22 | 000,017,633 | ---- | M] () -- C:\ComboFix.txt
[2004/04/02 04:03:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/16 16:57:46 | 000,021,263 | ---- | M] () -- C:\debug.log
[2007/04/24 22:08:54 | 000,006,704 | ---- | M] () -- C:\debug.txt
[2008/04/28 21:36:23 | 000,021,302 | ---- | M] () -- C:\drwtsn32.log
[2010/04/29 18:47:05 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2009/12/29 16:06:25 | 000,055,700 | ---- | M] () -- C:\ijjiFFPlugin.log
[2007/11/10 17:10:58 | 001,149,576 | ---- | M] () -- C:\Install
[2004/04/02 04:03:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/11 16:55:46 | 000,003,409 | -H-- | M] () -- C:\IPH.PH
[2010/04/29 22:27:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/04/02 04:03:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/28 23:54:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/28 23:54:08 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/29 18:47:03 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2006/03/18 14:49:18 | 000,005,486 | ---- | M] () -- C:\players.txt
[2006/05/22 13:54:05 | 002,139,206 | ---- | M] () -- C:\powerfootball.log
[2006/01/31 19:24:27 | 000,000,000 | ---- | M] () -- C:\sbo.14
[2010/04/18 16:20:51 | 000,000,664 | ---- | M] () -- C:\Security essentials 2010.lnk
[2008/06/24 21:06:47 | 000,000,190 | ---- | M] () -- C:\Shortcut to PRESARIO_RP (D).lnk
[2008/04/18 20:03:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/04/20 13:22:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/04/20 20:11:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/04/20 20:55:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/04/20 20:57:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/04/21 22:36:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/04/22 21:04:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/04/22 21:05:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/04/22 21:49:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/04/22 22:17:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/04/22 22:19:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/04/22 22:22:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/04/22 22:24:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/04/22 22:25:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/04/22 22:26:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/04/22 22:27:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/04/22 22:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/04/22 23:10:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/06/12 19:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/04/18 19:51:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/04/18 20:03:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/04/20 13:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/04/20 20:11:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/04/20 20:55:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/04/20 20:57:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/04/21 22:36:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/04/22 21:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/04/22 21:05:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/04/22 21:49:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/04/22 22:17:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/04/22 22:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/04/22 22:22:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/04/22 22:24:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/04/22 22:25:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/04/22 22:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/04/22 22:27:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/04/22 22:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/04/22 23:10:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/06/12 19:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/04/18 19:51:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006/01/05 17:43:43 | 000,000,299 | -H-- | M] () -- C:\T4Metrics.log
[2010/04/15 07:11:19 | 000,000,136 | ---- | M] () -- C:\VundoFix.txt
[2006/05/22 13:43:50 | 000,004,633 | ---- | M] () -- C:\webdriver0.log
[2006/09/29 18:11:07 | 000,002,334 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/04/01 19:55:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/04/01 19:55:44 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/04/01 19:55:44 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >
