Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help

Started by phedup , Jul 31 2010 10:35 AM

  • This topic is locked This topic is locked

#1
phedup
Posted 31 July 2010 - 10:35 AM

phedup

    Member

  • Member
  • PipPip
  • 48 posts
I have been infected, redirected and firewall cannot be started, many windows services have been stopped, how can I fix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:22 PM, on 7/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatthetech.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LyraHDProfiler] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-21-214099845-2014835873-67682326-1006\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-214099845-2014835873-67682326-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-214099845-2014835873-67682326-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User '?')
O4 - HKUS\S-1-5-21-214099845-2014835873-67682326-1006\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
O4 - HKUS\S-1-5-21-214099845-2014835873-67682326-1006\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098019000060
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139152115093
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomic...activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv2.view22....p/view22rte.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.csde.stat...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...768/mcfscan.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2d83a2f0-6650-4781-a58f-fc5228b93b12} - C:\WINDOWS\mark_32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

--
End of file - 12488 bytes
  • 0

Advertisements

#2
Essexboy
Posted 31 July 2010 - 11:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there let me see what you have

Posted Image GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.
Posted Image
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    Posted Image
    Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
phedup
Posted 01 August 2010 - 07:30 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
OTL logfile created on: 8/1/2010 9:12:42 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 164.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.67 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJHCGB11
Current User Name: monica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/01 09:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/14 20:51:06 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/01/19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
PRC - [2006/01/19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
PRC - [2003/11/07 05:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
PRC - [2001/10/25 23:13:16 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/09/04 15:31:50 | 000,655,360 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2001/08/07 19:06:54 | 000,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2001/04/03 12:38:30 | 000,038,912 | ---- | M] (LUCENT TECHNOLOGIES) -- C:\WINDOWS\SYSTEM32\ltmsg.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2010/08/01 09:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/10/06 14:16:00 | 001,126,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2001/08/18 08:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
MOD - [2001/08/18 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/01 22:29:11 | 001,029,456 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/18 09:02:54 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 09:02:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/10 13:14:14 | 000,192,512 | ---- | M] (Roxio Inc.) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ImapiRox.exe -- (ImapiService)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\aox402vc.sys -- (e-snap!Video)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\aox402sc.sys -- (e-snap!Still) Alaris e-snap! USB Still Camera (WDM)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/27 21:29:01 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | R--- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv4)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/forum/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:80



O1 HOSTS File: ([2010/07/30 22:44:49 | 000,416,643 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14383 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQINIT.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE File not found
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LTWinModem1] C:\WINDOWS\System32\ltmsg.exe (LUCENT TECHNOLOGIES)
O4 - HKLM..\Run: [LyraHDProfiler] C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe File not found
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LIVEUPDATE\LiveUpdate.exe (Openwares)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe File not found
O4 - HKCU..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (Sierra Imaging)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7cf4589e-375c-11db-af43-001217554915}\Shell - "" = AutoRun
O33 - MountPoints2\{7cf4589e-375c-11db-af43-001217554915}\Shell\Auto\command - "" = UFO.exe
O33 - MountPoints2\{7cf4589e-375c-11db-af43-001217554915}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/01 09:11:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2010/08/01 07:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\gmer
[2010/08/01 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\PCHealth
[2010/07/31 13:19:20 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/31 13:19:19 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/31 13:19:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/31 13:19:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/31 13:19:12 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/31 13:19:12 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/31 13:19:11 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/31 13:18:58 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/31 13:18:57 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/31 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/31 11:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/07/31 11:19:06 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/07/31 10:34:43 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\monica\My Documents\RootRepeal.exe
[2010/07/31 09:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/30 21:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\New Folder (3)
[2010/07/30 19:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/30 19:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\IObit
[2010/07/29 21:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/29 21:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 16:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\highlanders
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/01 09:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2010/08/01 07:44:59 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\gmer.zip
[2010/08/01 07:35:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 07:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/01 07:35:15 | 000,366,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/01 07:35:14 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 14:41:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/31 14:32:33 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\monica\ntuser.dat
[2010/07/31 14:32:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\monica\NTUSER.INI
[2010/07/31 13:19:21 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/31 13:19:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/31 13:18:05 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\setup_av_free.exe
[2010/07/31 11:43:58 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\tdsskiller.zip
[2010/07/31 10:34:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\settings.dat
[2010/07/31 10:34:50 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\monica\My Documents\RootRepeal.exe
[2010/07/31 10:05:19 | 000,532,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/31 10:05:19 | 000,448,718 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/07/31 10:05:19 | 000,074,736 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/07/31 09:53:04 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\NEW DELL LAPTOP HOME CHARGER AND USB CABLE - eBay (item 310236853567 end time Aug-02-10 201335 PDT).url
[2010/07/31 09:40:03 | 000,000,761 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/31 09:40:03 | 000,000,279 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/07/31 09:40:03 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2010/07/31 09:23:08 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\monica\My Documents\Default.rdp
[2010/07/31 08:11:29 | 000,091,072 | ---- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/30 22:44:49 | 000,416,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/07/30 22:20:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/30 19:39:24 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/30 19:30:02 | 000,529,956 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\cclean backup.reg
[2010/07/30 19:29:08 | 000,018,362 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\registry backup ccleaner 7-30.reg
[2010/07/30 07:46:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 06:44:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/29 17:15:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/29 17:15:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2010/07/29 17:14:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2010/07/29 17:14:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/29 09:53:06 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\My Sharing Folders.lnk
[2010/07/28 09:07:26 | 001,956,100 | -H-- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\IconCache.db
[2010/07/27 21:29:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/25 09:18:18 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Connecticut Self Service Site JobCentral.url
[2010/07/24 09:30:38 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\CT Lottery Official Web Site.url
[2010/07/13 17:09:32 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Microsoft Word.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/12 08:32:03 | 000,091,072 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/22 18:38:47 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2010/05/20 06:28:18 | 000,003,661 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\pw.rtf
[2010/05/10 01:44:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/08 21:11:43 | 000,263,577 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\IMG_NEW.jpg
[2010/05/03 16:07:03 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\Justin Ritchie.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/01 07:44:49 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\gmer.zip
[2010/07/31 13:19:21 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/31 13:13:38 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\setup_av_free.exe
[2010/07/31 12:27:41 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 11:43:54 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\tdsskiller.zip
[2010/07/31 10:34:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\settings.dat
[2010/07/31 09:40:01 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/07/31 09:40:01 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
[2010/07/31 09:40:01 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/31 09:40:01 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
[2010/07/31 09:40:01 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2010/07/31 09:23:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\monica\My Documents\Default.rdp
[2010/07/30 20:03:19 | 000,025,318 | ---- | C] () -- C:\Documents and Settings\monica\commonpriv.log
[2010/07/30 20:03:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\monica\commonpriv.log.lock
[2010/07/30 19:39:24 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/30 19:29:39 | 000,529,956 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\cclean backup.reg
[2010/07/30 19:27:21 | 000,018,362 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\registry backup ccleaner 7-30.reg
[2010/07/29 22:31:20 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\NEW DELL LAPTOP HOME CHARGER AND USB CABLE - eBay (item 310236853567 end time Aug-02-10 201335 PDT).url
[2010/05/10 01:44:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/08 21:11:43 | 000,263,577 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\IMG_NEW.jpg
[2010/05/03 16:07:02 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\Justin Ritchie.doc
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/04 15:46:20 | 000,011,509 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 03:01:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/07/31 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/20 22:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/20 22:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)
[2006/02/27 13:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/02/27 09:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(2)
[2006/02/27 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(3)
[2008/06/20 13:39:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/10/17 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2005/09/27 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetVeda
[2006/02/25 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/03/14 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/11/13 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2009/03/23 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 21:26:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2005/10/19 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Aim
[2009/11/20 22:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\AVGTOOLBAR
[2010/05/08 21:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
[2005/05/01 02:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\EPSON
[2003/11/15 00:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\FUJIFILM
[2006/04/26 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ICAClient
[2010/06/07 09:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Image Zone Express
[2002/04/05 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\InterTrust
[2010/07/30 19:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\IObit
[2004/01/17 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Kontiki
[2004/02/26 21:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Leadertech
[2007/03/11 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Musicmatch
[2010/06/07 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Printer Info Cache
[2005/08/10 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Registry Defender
[2007/07/19 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Snapfish
[2008/02/13 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\TrueSwitch
[2007/04/03 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
[2010/07/27 21:29:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/07/19 07:12:38 | 000,407,057 | ---- | M] () -- C:\97769.zip
[2010/08/01 07:35:11 | 000,062,621 | ---- | M] () -- C:\aaw7boot.log
[2002/09/25 19:50:21 | 000,000,096 | ---- | M] () -- C:\ace.log
[2010/07/31 09:40:03 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2001/11/14 18:35:22 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2001/11/15 09:31:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/07/09 13:52:51 | 000,000,222 | ---- | M] () -- C:\debug.txt
[2002/03/14 02:38:56 | 000,003,763 | RH-- | M] () -- C:\DELL.SDR
[2007/12/31 09:24:47 | 000,000,709 | ---- | M] () -- C:\DrvInst (1).log
[2007/12/31 09:24:40 | 000,000,285 | ---- | M] () -- C:\DrvInst (2).log
[2007/12/31 09:27:52 | 000,048,902 | ---- | M] () -- C:\DrvInst.log
[2010/08/01 07:35:14 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2007/12/28 14:19:26 | 000,001,130 | ---- | M] () -- C:\Install (1).log
[2007/12/28 14:02:50 | 000,001,387 | ---- | M] () -- C:\Install (2).log
[2006/02/05 12:51:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/10/18 18:17:26 | 000,001,134 | -H-- | M] () -- C:\IPH.PH
[2005/01/29 20:21:10 | 000,000,075 | ---- | M] () -- C:\LuResult.txt
[2006/02/05 12:51:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/02/25 11:25:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/27 12:22:11 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/08/01 07:35:12 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2006/12/27 00:35:04 | 000,000,207 | ---- | M] () -- C:\RECache.idx
[2004/02/27 14:24:49 | 000,108,879 | ---- | M] () -- C:\SQL.LOG
[2010/07/31 11:45:45 | 000,054,960 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_11.44.15_log.txt
[2005/11/04 10:18:05 | 000,008,392 | ---- | M] () -- C:\threatalerts.txt
[2008/07/25 08:31:54 | 000,001,271 | ---- | M] () -- C:\twacker.log
[2006/01/24 23:18:22 | 000,001,531 | ---- | M] () -- C:\VETlog.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2001/11/15 09:30:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/22 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD97.DLL
[2008/02/26 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD9I.DLL
[2007/10/22 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP97.DLL
[2008/02/26 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP9I.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp054.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe
[2000/03/21 13:29:42 | 000,016,840 | ---- | M] (BVRP Software) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\wfxprint2000.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2004/11/15 19:46:57 | 000,184,912 | ---- | M] (MacSourcery) -- C:\WINDOWS\Ff_ss_pc.scr
[2005/11/13 21:01:25 | 000,282,624 | ---- | M] ( ) -- C:\WINDOWS\New England Snow.scr
[2004/10/21 18:05:53 | 000,108,456 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\pumpkinpatch.scr
[2002/09/17 19:43:50 | 000,131,072 | ---- | M] (Acez Software ® - www.acez.com) -- C:\WINDOWS\Skywriter Plane.scr
[2003/03/29 10:35:28 | 000,106,496 | ---- | M] (Acez Software ® - www.acez.com) -- C:\WINDOWS\Spring Wildflowers.scr
[2004/10/21 17:47:01 | 000,108,456 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\trickortreaters.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/03/19 06:05:45 | 000,001,698 | -H-- | M] () -- C:\Documents and Settings\monica\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2001/11/15 09:22:22 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2001/11/15 09:22:22 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2001/11/15 09:22:22 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-31 18:41:37

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation
< End of report >

OTL Extras logfile created on: 8/1/2010 9:12:42 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 164.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.67 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJHCGB11
Current User Name: monica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
  • 0

#4
phedup
Posted 01 August 2010 - 07:38 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Well that was fun... anywho thanks for looking and ley me know how filthy I am, and what to do about it, I ran a google redirect cleaner (kapersky) and it seems to have helped, and I downloaded and installed avast, but still have no firewall. scary. thanks in advance !
: )
  • 0

#5
Essexboy
Posted 01 August 2010 - 07:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have run TDSSKiller - could I see the log please

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:80
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O33 - MountPoints2\{7cf4589e-375c-11db-af43-001217554915}\Shell\Auto\command - "" = UFO.exe
[2002/03/14 03:01:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#6
phedup
Posted 01 August 2010 - 08:03 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I don't know where the log might be located what would it be called?? (I have run a few things sorry)
  • 0

#7
phedup
Posted 01 August 2010 - 08:33 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ok, after the first scan and reboot this popped up on my screen
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{871F91FD-3A92-4988-A842-16AB2CFF5AF1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871F91FD-3A92-4988-A842-16AB2CFF5AF1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cf4589e-375c-11db-af43-001217554915}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cf4589e-375c-11db-af43-001217554915}\ not found.
File UFO.exe not found.
C:\WINDOWS\SYSTEM32\saverrc.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.DJHCGB11

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Guest
->Temp folder emptied: 49632 bytes
->Temporary Internet Files folder emptied: 171092 bytes
->Flash cache emptied: 348 bytes

User: Jordan
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 674558 bytes

User: monica
->Temp folder emptied: 127789315 bytes
->Temporary Internet Files folder emptied: 19326439 bytes
->Java cache emptied: 361212019 bytes
->Flash cache emptied: 3350583 bytes

User: NetworkService
->Temp folder emptied: 10450 bytes
->Temporary Internet Files folder emptied: 19311727 bytes
->Flash cache emptied: 10193 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109681 bytes
%systemroot%\System32 .tmp files removed: 550120 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3961376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30419245 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 303290 bytes
RecycleBin emptied: 52880363 bytes

Total Files Cleaned = 592.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.DJHCGB11

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Jordan

User: LocalService

User: monica
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.9.1 log created on 08012010_100957

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\S16F4L6F\images[1]. not found!
File\Folder C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\FJAOAO3G\602-7766469-4423843[1]. not found!
File\Folder C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\BFD8CPHF\xPP-Sewing_Machines--kenmore[1]. not found!
C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\9H73DR16\like[1].htm moved successfully.
C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\9H73DR16\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\575WU13Q\like[2].htm moved successfully.
C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\Content.IE5\575WU13Q\page__gopid__1879261[2].htm moved successfully.
C:\Documents and Settings\monica\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SQL.LOG scheduled to be moved on reboot.

Registry entries deleted on Reboot...

and this is the quick scan results..OTL logfile created on: 8/1/2010 10:23:57 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 20.18 Gb Free Space | 54.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJHCGB11
Current User Name: monica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/01 09:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/14 20:51:06 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/01/19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
PRC - [2006/01/19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
PRC - [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/11/07 05:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
PRC - [2001/10/25 23:13:16 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/09/04 15:31:50 | 000,655,360 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2001/08/07 19:06:54 | 000,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2001/04/03 12:38:30 | 000,038,912 | ---- | M] (LUCENT TECHNOLOGIES) -- C:\WINDOWS\SYSTEM32\ltmsg.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2010/08/01 09:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/10/06 14:16:00 | 001,126,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2001/08/18 08:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
MOD - [2001/08/18 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/01 22:29:11 | 001,029,456 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/18 09:02:54 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 09:02:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/10 13:14:14 | 000,192,512 | ---- | M] (Roxio Inc.) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ImapiRox.exe -- (ImapiService)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\aox402vc.sys -- (e-snap!Video)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\aox402sc.sys -- (e-snap!Still) Alaris e-snap! USB Still Camera (WDM)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/27 21:29:01 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | R--- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv4)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/forum/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/08/01 10:10:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQINIT.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE File not found
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LTWinModem1] C:\WINDOWS\System32\ltmsg.exe (LUCENT TECHNOLOGIES)
O4 - HKLM..\Run: [LyraHDProfiler] C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe File not found
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LIVEUPDATE\LiveUpdate.exe (Openwares)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe File not found
O4 - HKCU..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe (Sierra Imaging)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/01 10:09:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/01 09:11:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2010/08/01 07:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\gmer
[2010/08/01 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Local Settings\Application Data\PCHealth
[2010/07/31 13:19:20 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/31 13:19:19 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/31 13:19:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/31 13:19:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/31 13:19:12 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/31 13:19:12 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/31 13:19:11 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/31 13:18:58 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/31 13:18:57 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/31 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/31 11:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/07/31 11:19:06 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/07/31 10:34:43 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\monica\My Documents\RootRepeal.exe
[2010/07/31 09:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/30 21:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\New Folder (3)
[2010/07/30 19:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/30 19:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\IObit
[2010/07/29 21:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/29 21:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 16:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Desktop\highlanders
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/08/01 10:19:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2010/08/01 10:19:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2010/08/01 10:19:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 10:19:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 10:18:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/01 10:18:50 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 10:18:02 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\monica\ntuser.dat
[2010/08/01 10:18:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\monica\NTUSER.INI
[2010/08/01 10:10:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/08/01 09:11:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2010/08/01 07:44:59 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\gmer.zip
[2010/08/01 07:35:15 | 000,366,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/31 14:41:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/31 13:19:21 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/31 13:19:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/31 13:18:05 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\setup_av_free.exe
[2010/07/31 11:43:58 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\tdsskiller.zip
[2010/07/31 10:34:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\settings.dat
[2010/07/31 10:34:50 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\monica\My Documents\RootRepeal.exe
[2010/07/31 10:05:19 | 000,532,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/31 10:05:19 | 000,448,718 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/07/31 10:05:19 | 000,074,736 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/07/31 09:53:04 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\NEW DELL LAPTOP HOME CHARGER AND USB CABLE - eBay (item 310236853567 end time Aug-02-10 201335 PDT).url
[2010/07/31 09:40:03 | 000,000,761 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/31 09:40:03 | 000,000,279 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/07/31 09:40:03 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2010/07/31 09:23:08 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\monica\My Documents\Default.rdp
[2010/07/31 08:11:29 | 000,091,072 | ---- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/30 22:20:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/30 19:39:24 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/30 19:30:02 | 000,529,956 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\cclean backup.reg
[2010/07/30 19:29:08 | 000,018,362 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\registry backup ccleaner 7-30.reg
[2010/07/30 07:46:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 06:44:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/29 17:15:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/29 09:53:06 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\My Sharing Folders.lnk
[2010/07/28 09:07:26 | 001,956,100 | -H-- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\IconCache.db
[2010/07/27 21:29:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/25 09:18:18 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Connecticut Self Service Site JobCentral.url
[2010/07/24 09:30:38 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\CT Lottery Official Web Site.url
[2010/07/13 17:09:32 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Microsoft Word.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/12 08:32:03 | 000,091,072 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/22 18:38:47 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2010/05/20 06:28:18 | 000,003,661 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\pw.rtf
[2010/05/10 01:44:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/08 21:11:43 | 000,263,577 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\IMG_NEW.jpg
[2010/05/03 16:07:03 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\monica\My Documents\Justin Ritchie.doc

========== Files Created - No Company Name ==========

[2010/08/01 07:44:49 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\gmer.zip
[2010/07/31 13:19:21 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/31 13:13:38 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\setup_av_free.exe
[2010/07/31 12:27:41 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 11:43:54 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\tdsskiller.zip
[2010/07/31 10:34:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\settings.dat
[2010/07/31 09:40:01 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/07/31 09:40:01 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
[2010/07/31 09:40:01 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/31 09:40:01 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
[2010/07/31 09:40:01 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2010/07/31 09:23:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\monica\My Documents\Default.rdp
[2010/07/30 20:03:19 | 000,027,132 | ---- | C] () -- C:\Documents and Settings\monica\commonpriv.log
[2010/07/30 20:03:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\monica\commonpriv.log.lock
[2010/07/30 19:39:24 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/30 19:29:39 | 000,529,956 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\cclean backup.reg
[2010/07/30 19:27:21 | 000,018,362 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\registry backup ccleaner 7-30.reg
[2010/07/29 22:31:20 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\NEW DELL LAPTOP HOME CHARGER AND USB CABLE - eBay (item 310236853567 end time Aug-02-10 201335 PDT).url
[2010/05/10 01:44:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/08 21:11:43 | 000,263,577 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\IMG_NEW.jpg
[2010/05/03 16:07:02 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\monica\My Documents\Justin Ritchie.doc
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/04 15:46:20 | 000,011,509 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/07/31 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/20 22:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/20 22:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)
[2006/02/27 13:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/02/27 09:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(2)
[2006/02/27 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(3)
[2008/06/20 13:39:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/10/17 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2005/09/27 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetVeda
[2006/02/25 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/03/14 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/11/13 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2009/03/23 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 21:26:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2005/10/19 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Aim
[2009/11/20 22:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\AVGTOOLBAR
[2010/05/08 21:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
[2005/05/01 02:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\EPSON
[2003/11/15 00:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\FUJIFILM
[2006/04/26 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ICAClient
[2010/06/07 09:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Image Zone Express
[2002/04/05 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\InterTrust
[2010/07/30 19:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\IObit
[2004/01/17 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Kontiki
[2004/02/26 21:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Leadertech
[2007/03/11 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Musicmatch
[2010/06/07 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Printer Info Cache
[2005/08/10 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Registry Defender
[2007/07/19 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Snapfish
[2008/02/13 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\TrueSwitch
[2007/04/03 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
[2010/07/27 21:29:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation
< End of report >
  • 0

#8
phedup
Posted 01 August 2010 - 09:24 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Heres the combofix log:
ComboFix 10-07-31.04 - monica 08/01/2010 10:45:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.244 [GMT -4:00]
Running from: c:\documents and settings\monica\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\99930137-2624.exe
c:\windows\system32\99930137-2796.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-08-01 14:09 . 2010-08-01 14:09 -------- d-----w- C:\_OTL
2010-08-01 11:41 . 2010-08-01 11:41 -------- d-----w- c:\documents and settings\monica\Local Settings\Application Data\PCHealth
2010-07-31 17:19 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-31 17:19 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-31 17:19 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-31 17:19 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-31 17:19 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-31 17:19 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-31 17:19 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-31 17:18 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-31 17:18 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-31 17:18 . 2010-07-31 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-31 16:43 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-31 15:20 . 2010-07-31 15:20 -------- d-----w- c:\program files\HJT
2010-07-31 15:19 . 2010-07-31 15:19 -------- d-----w- C:\New Folder
2010-07-31 13:49 . 2010-07-31 13:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-30 23:39 . 2010-07-30 23:39 -------- d-----w- c:\program files\IObit
2010-07-30 23:39 . 2010-07-30 23:39 -------- d-----w- c:\documents and settings\monica\Application Data\IObit
2010-07-30 01:53 . 2010-07-30 01:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 17:18 . 2007-02-13 15:12 -------- d-----w- c:\program files\Alwil Software
2010-07-31 15:46 . 2001-08-17 19:58 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-07-31 14:25 . 2009-03-18 12:52 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-31 12:11 . 2002-05-14 18:04 91072 -c--a-w- c:\documents and settings\monica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 22:43 . 2009-03-20 13:59 -------- d-----w- c:\program files\AVG
2010-07-30 22:43 . 2009-11-21 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-30 22:33 . 2009-08-14 02:27 -------- d-----w- c:\program files\DivX
2010-07-30 11:46 . 2009-02-25 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 14:09 . 2006-09-10 23:43 -------- d-----w- c:\program files\Axis Communications
2010-07-29 14:06 . 2010-07-30 01:55 203508 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1033.dat
2010-07-29 13:44 . 2007-03-16 01:43 -------- d-----w- c:\program files\HP
2010-07-29 13:43 . 2008-02-04 15:52 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-29 13:33 . 2003-10-23 11:52 -------- d-----w- c:\program files\Canon
2010-07-29 13:29 . 2004-01-18 02:12 -------- d-----w- c:\program files\Arcade! Classic Arcade Pack
2010-07-29 13:28 . 2002-03-14 06:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 13:00 . 2008-11-11 14:37 -------- d-----w- c:\program files\MSECache
2010-06-14 14:31 . 2002-09-23 22:02 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-07 13:44 . 2007-04-09 14:13 -------- d-----w- c:\documents and settings\monica\Application Data\Image Zone Express
2010-06-07 13:27 . 2007-11-19 20:02 -------- d-----w- c:\documents and settings\monica\Application Data\Printer Info Cache
2010-05-04 17:20 . 2004-01-08 19:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2001-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2004-04-03 16:55 . 2004-04-03 16:55 32 -csha-w- c:\windows\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
2004-04-03 16:02 . 2004-04-03 16:02 32 -csha-w- c:\windows\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
2004-04-03 16:02 . 2004-04-03 16:02 32 --sha-w- c:\windows\SYSTEM32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
2004-04-03 16:55 . 2004-04-03 16:55 32 --sha-w- c:\windows\SYSTEM32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTWinModem1"="ltmsg.exe 9" [X]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 202256]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-03 155648]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"EPSON Stylus CX5400 (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Camio Viewer 2000.lnk - c:\program files\Sierra Imaging\Image Expert 2000\IXApplet.exe [2002-3-14 49152]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 13:03 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/17/2009 9:28 PM 64160]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/31/2010 1:19 PM 165456]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [3/21/2009 9:50 AM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/31/2010 1:19 PM 17744]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\SYSTEM32\DRIVERS\FTD2XX.sys [4/23/2005 1:44 PM 24197]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [3/21/2009 9:50 AM 335240]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/29/2009 8:16 AM 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/21/2009 9:50 AM 297752]
S3 e-snap!Still;Alaris e-snap! USB Still Camera (WDM);c:\windows\system32\DRIVERS\aox402sc.sys --> c:\windows\system32\DRIVERS\aox402sc.sys [?]
S3 e-snap!Video;Alaris e-snap! USB Video Camera;c:\windows\system32\DRIVERS\aox402vc.sys --> c:\windows\system32\DRIVERS\aox402vc.sys [?]
S3 mamotou;mamotou;c:\windows\SYSTEM32\DRIVERS\mamotou.sys [12/17/2007 6:43 PM 49399]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [12/28/2007 12:50 PM 42112]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/7/2010 10:23 PM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S4 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/6/2001 3:41 PM 28672]
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:29]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 02:23]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 02:23]

2010-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.geekstogo.com/forum/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-LyraHDProfiler - c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
HKLM-Run-DellTouch - c:\windows\DELLMMKB.EXE
SafeBoot-klmdb.sys
AddRemove-Charter - c:\program files\Support.com\bin\tgfix.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?? ??????~?B~??????????@???????????????????B?????? ???????????????????`????????B
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX5400 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"????????1? ???P?????L????????????a?w??.??????????????????????????????????b?w????????????F???8???????????h??w????????????z??w????????????)??|???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-214099845-2014835873-67682326-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1672)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Creative\ShareDLL\MediaDet.Exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ltmsg.exe
c:\windows\Logi_MwX.Exe
c:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
c:\program files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2010-08-01 11:07:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 15:07

Pre-Run: 21,560,889,344 bytes free
Post-Run: 21,401,272,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 5C2572092FEC3148CF1D11BACD34AD13
  • 0

#9
Essexboy
Posted 01 August 2010 - 09:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

C:\TDSSKiller.2.4.0.0_31.07.2010_11.44.15_log.txt

TDSSKiller log :)

What are you current problems ?
  • 0

#10
phedup
Posted 01 August 2010 - 10:12 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Heres the log, 2010/07/31 11:44:15.0968 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/31 11:44:15.0968 ================================================================================
2010/07/31 11:44:15.0968 SystemInfo:
2010/07/31 11:44:15.0968
2010/07/31 11:44:15.0968 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/31 11:44:15.0968 Product type: Workstation
2010/07/31 11:44:15.0968 ComputerName: DJHCGB11
2010/07/31 11:44:15.0968 UserName: monica
2010/07/31 11:44:15.0968 Windows directory: C:\WINDOWS
2010/07/31 11:44:15.0968 System windows directory: C:\WINDOWS
2010/07/31 11:44:15.0968 Processor architecture: Intel x86
2010/07/31 11:44:15.0968 Number of processors: 1
2010/07/31 11:44:15.0968 Page size: 0x1000
2010/07/31 11:44:15.0968 Boot type: Normal boot
2010/07/31 11:44:15.0968 ================================================================================
2010/07/31 11:44:16.0468 Initialize success
2010/07/31 11:44:44.0015 ================================================================================
2010/07/31 11:44:44.0015 Scan started
2010/07/31 11:44:44.0015 Mode: Manual;
2010/07/31 11:44:44.0015 ================================================================================
2010/07/31 11:44:45.0687 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/07/31 11:44:45.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/31 11:44:46.0000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/31 11:44:46.0187 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/07/31 11:44:46.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/31 11:44:46.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/31 11:44:46.0703 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/31 11:44:46.0859 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/07/31 11:44:47.0015 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/07/31 11:44:47.0187 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/07/31 11:44:47.0406 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/07/31 11:44:47.0546 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/07/31 11:44:47.0687 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/07/31 11:44:47.0843 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/07/31 11:44:48.0000 Amfilter (f91acae65b4d0c5e4531a46156108781) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
2010/07/31 11:44:48.0125 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/07/31 11:44:48.0296 Amusbprt (99ed8a8e9f216fbc8b60fb47738b6cf3) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
2010/07/31 11:44:48.0468 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2010/07/31 11:44:48.0640 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/07/31 11:44:48.0796 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/07/31 11:44:48.0937 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/07/31 11:44:49.0078 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/31 11:44:49.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/31 11:44:49.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/31 11:44:49.0781 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/31 11:44:50.0046 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/07/31 11:44:50.0250 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/07/31 11:44:50.0406 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/07/31 11:44:50.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/31 11:44:50.0687 bvrp_pci (c043ca48f1f5c00ff8272180fbbd15e9) C:\WINDOWS\system32\drivers\bvrp_pci.sys
2010/07/31 11:44:50.0812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/07/31 11:44:50.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/31 11:44:51.0140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/31 11:44:51.0281 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/07/31 11:44:51.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/31 11:44:51.0562 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/31 11:44:51.0703 Cdr4_xp (4ac2e023b8bbee458816d30db0bf149a) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/07/31 11:44:51.0828 Cdralw2k (7e56d7ab50e08b393b640c0be898c752) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/07/31 11:44:51.0968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/31 11:44:52.0156 cdudf_xp (5b20a47b0413240cdb93106bd58602a1) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/07/31 11:44:52.0468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/07/31 11:44:52.0625 CO_Mon (6be1d6403727bdd8a2b2568dbe6bfb8b) C:\WINDOWS\system32\Drivers\CO_Mon.sys
2010/07/31 11:44:52.0781 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/07/31 11:44:52.0921 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2010/07/31 11:44:53.0015 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/07/31 11:44:53.0171 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/07/31 11:44:53.0359 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/31 11:44:53.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/31 11:44:53.0781 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/31 11:44:53.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/31 11:44:54.0031 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/31 11:44:54.0203 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/07/31 11:44:54.0343 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/31 11:44:54.0468 dvd_2K (3677e155d87dda2bc53142d7d234d12a) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/07/31 11:44:54.0828 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/07/31 11:44:55.0031 emu10k (93f496c9bff5d925c9aa016386839ee2) C:\WINDOWS\system32\drivers\emu10k1m.sys
2010/07/31 11:44:55.0250 emu10k1 (5cb715c7735ac68c16da9b62d56e4c11) C:\WINDOWS\system32\drivers\ctlfacem.sys
2010/07/31 11:44:55.0375 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/31 11:44:55.0546 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/31 11:44:55.0687 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB013D.SYS
2010/07/31 11:44:55.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/31 11:44:55.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/31 11:44:56.0109 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/31 11:44:56.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/31 11:44:56.0468 FTD2XX (b907d2b20db2f6392995f5379e2a9666) C:\WINDOWS\system32\Drivers\FTD2XX.sys
2010/07/31 11:44:56.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/31 11:44:56.0750 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/07/31 11:44:56.0859 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/31 11:44:57.0031 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/31 11:44:57.0203 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/31 11:44:57.0343 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/07/31 11:44:57.0500 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
2010/07/31 11:44:57.0656 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/07/31 11:44:57.0812 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/07/31 11:44:57.0968 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/07/31 11:44:58.0125 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/31 11:44:58.0281 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/31 11:44:58.0375 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/07/31 11:44:58.0531 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/31 11:44:58.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/31 11:44:58.0781 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/07/31 11:44:58.0906 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/07/31 11:44:59.0000 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/31 11:44:59.0156 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2010/07/31 11:44:59.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/31 11:44:59.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/31 11:44:59.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/31 11:44:59.0781 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/31 11:44:59.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/31 11:45:00.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/31 11:45:00.0296 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/31 11:45:00.0406 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/31 11:45:00.0609 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/31 11:45:00.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/31 11:45:00.0890 L8042PR2 (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\Drivers\l8042pr2.sys
2010/07/31 11:45:01.0046 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/07/31 11:45:01.0312 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2010/07/31 11:45:01.0468 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2010/07/31 11:45:01.0609 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
2010/07/31 11:45:01.0781 ltmodem5 (e9ebe8ccd1e5b3ca2ddf1765147caca0) C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys
2010/07/31 11:45:01.0968 mamotou (406ea3b1bd43a2c14eeee06c49df0d5d) C:\WINDOWS\system32\DRIVERS\mamotou.sys
2010/07/31 11:45:02.0109 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2010/07/31 11:45:02.0265 MaVctrl (1b467fb39d6ee0e7f1970eee5fc07121) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2010/07/31 11:45:02.0390 mmc_2K (a54fd7e564c996cfcee6ee7491f3c318) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/07/31 11:45:02.0546 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/31 11:45:02.0671 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/31 11:45:02.0812 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/07/31 11:45:02.0953 MotDev (20ff89c59b0a50f53822303064988e00) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2010/07/31 11:45:03.0109 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/07/31 11:45:03.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/31 11:45:03.0359 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/31 11:45:03.0453 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/31 11:45:03.0593 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/07/31 11:45:03.0750 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/31 11:45:03.0906 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/31 11:45:04.0046 Msikbd2k (877ffd0fb093b80f5ed6ba64d7921881) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
2010/07/31 11:45:04.0156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/31 11:45:04.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/31 11:45:04.0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/31 11:45:04.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/31 11:45:04.0750 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/31 11:45:04.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/31 11:45:05.0125 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/31 11:45:05.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/31 11:45:05.0531 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/31 11:45:05.0671 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/31 11:45:05.0750 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/31 11:45:05.0859 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/31 11:45:06.0000 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/31 11:45:06.0171 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/31 11:45:06.0406 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/31 11:45:06.0609 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/31 11:45:06.0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/31 11:45:07.0046 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/31 11:45:07.0234 nv4 (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/31 11:45:07.0437 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/31 11:45:07.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/31 11:45:07.0703 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/07/31 11:45:07.0843 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/31 11:45:08.0015 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/31 11:45:08.0109 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/31 11:45:08.0218 PCI (dbd867b3e1f4ec9b4221c074b4e17f7b) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/31 11:45:08.0218 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: dbd867b3e1f4ec9b4221c074b4e17f7b, Fake md5: a219903ccf74233761d92bef471a07b1
2010/07/31 11:45:08.0218 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/31 11:45:08.0484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2010/07/31 11:45:08.0656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/31 11:45:09.0250 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/07/31 11:45:09.0375 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/07/31 11:45:09.0484 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2010/07/31 11:45:09.0640 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/07/31 11:45:09.0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/31 11:45:09.0937 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/07/31 11:45:10.0046 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/31 11:45:10.0171 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/31 11:45:10.0312 pwd_2K (dd37e1d9f08eec0cb0fc84e010f33c3b) C:\WINDOWS\system32\drivers\pwd_2K.sys
2010/07/31 11:45:10.0437 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/31 11:45:10.0546 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/07/31 11:45:10.0687 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/07/31 11:45:10.0843 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/07/31 11:45:10.0984 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/07/31 11:45:11.0140 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/07/31 11:45:11.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/31 11:45:11.0406 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/31 11:45:11.0531 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/31 11:45:11.0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/31 11:45:11.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/31 11:45:11.0890 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/31 11:45:12.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/31 11:45:12.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/31 11:45:12.0390 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/31 11:45:12.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/31 11:45:12.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/31 11:45:12.0859 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/31 11:45:12.0953 sfman (d1b79318fcfb6adbe01bb458f8bd5750) C:\WINDOWS\system32\drivers\sfmanm.sys
2010/07/31 11:45:13.0296 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/07/31 11:45:13.0406 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/07/31 11:45:13.0562 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/07/31 11:45:13.0718 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/07/31 11:45:13.0843 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/31 11:45:13.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/31 11:45:14.0062 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/31 11:45:14.0281 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/07/31 11:45:14.0390 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/31 11:45:14.0515 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/31 11:45:14.0640 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/07/31 11:45:14.0812 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/07/31 11:45:14.0921 SymEvent (84ddd3d1aee15466b38195c4d22a8194) C:\Program Files\Symantec\SYMEVENT.SYS
2010/07/31 11:45:15.0078 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2010/07/31 11:45:15.0250 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/07/31 11:45:15.0406 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/07/31 11:45:15.0578 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/31 11:45:15.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/31 11:45:15.0984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/31 11:45:16.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/31 11:45:16.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/31 11:45:16.0468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/07/31 11:45:16.0593 UdfReadr_xp (3af8116d049e6f98a6d37913da989984) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/07/31 11:45:16.0781 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/31 11:45:16.0921 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/07/31 11:45:17.0109 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/31 11:45:17.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/31 11:45:17.0515 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\WINDOWS\system32\DRIVERS\usbcm.sys
2010/07/31 11:45:17.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/31 11:45:17.0796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/07/31 11:45:17.0921 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/31 11:45:18.0031 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/31 11:45:18.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/31 11:45:18.0328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/31 11:45:18.0437 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/07/31 11:45:18.0609 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/07/31 11:45:18.0781 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/31 11:45:18.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/31 11:45:19.0109 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/07/31 11:45:19.0468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/31 11:45:19.0656 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/07/31 11:45:19.0796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/31 11:45:20.0015 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/31 11:45:20.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/31 11:45:20.0265 ================================================================================
2010/07/31 11:45:20.0265 Scan finished
2010/07/31 11:45:20.0265 ================================================================================
2010/07/31 11:45:20.0296 Detected object count: 1
2010/07/31 11:45:34.0875 PCI (dbd867b3e1f4ec9b4221c074b4e17f7b) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/31 11:45:34.0890 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: dbd867b3e1f4ec9b4221c074b4e17f7b, Fake md5: a219903ccf74233761d92bef471a07b1
2010/07/31 11:45:38.0968 Backup copy found, using it..
2010/07/31 11:45:39.0031 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
2010/07/31 11:45:39.0031 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
2010/07/31 11:45:45.0625 Deinitialize success
  • 0

Advertisements

#11
phedup
Posted 01 August 2010 - 10:15 AM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Whatever happened to my pc whether it was trojan, viral or "me" running a disk cleaner, I have lost my windows firewall /ics , my computer icons t show internet connections are all gone, help and support cannot be opened,seems like a mess in there.
  • 0

#12
Essexboy
Posted 01 August 2010 - 11:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Firewall/ICS is dependant on several services. Go into Control Panel and open Administrator Tools, then open Services. You'll see Internet Connection Sharing/Internet Connection Firewall in the list - double-click on it, go to the dependencies tab. There should be 4 services that need to be enabled for the firewall/ICS service to run. Check if any of the dependent services are disabled and if they are, set them to manual.

Post back with the results.
  • 0

#13
phedup
Posted 01 August 2010 - 06:36 PM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
There are 2 boxes the top box lists network connections and windows management instrumentation
the second box says no dependencies so theres a problem somewhere,
Like I said, I don't even have the network computer icons in the network connections list.
Am I clean of any infection now ? did I have anything??
  • 0

#14
phedup
Posted 01 August 2010 - 06:38 PM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Also. when I click start thwe service for the firewall I get an error message # 1608. And did I mention that all of my previous system restore points were gone when all of this hit the fan ??
  • 0

#15
phedup
Posted 01 August 2010 - 06:43 PM

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
hey hey, Im gettin there, I just got my little puter icons back by turning it on automatic, and the firewall connection is also on now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP