
Killer-Virus on my computer! As soon as I get to my desktop it res



#1 Pawanhammers (Member, 248 posts)
Hi,

I really need your help with my problem today!! I have a virus on my machine which causes it to shut down as soon as I get to my desktop! I've got so many viruses and I always use my computer; I really don't want to reformat as I've got a lot of data on there! Please, I need your help Geekstogo!


P.S. "Killer-Virus on my computer! As soon as I get to my desktop it res" - the word "restarts" was cut off, if you were wondering; too many characters.

Edited by Pawanhammers, 14 August 2010 - 07:34 AM.



#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Can you get to safe mode with no problem? If yes, go to Plan A; if no, go to Plan B.

PLAN A

Hi there, let me see what you have.

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

PLAN B

Please print these instructions out so that you know what you are doing.

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A




  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.
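Once the OTL logs come back, the next step is reading them for the autorun, service and hosts entries that do not belong. The script below is an added example for this thread, not OTL's own code and not written by anyone posting here. It parses the SRV/DRV, O1 (hosts) and O4 (autorun) line formats that OTL writes (the same formats as the log posted later in this thread) and flags what an analyst reads first: autoruns launched from user-writable profile directories or with no publisher, early-start kernel drivers with no publisher, "File not found" entries still set to start, and hosts-file pins for anything other than localhost. The directory list, the publisher strings treated as "none" and the severities are this example's own assumptions, and the sample lines are constructed in OTL's format for illustration.

```python
"""Triage helper for lines of an OTL log (OldTimer's OTL / OTLPE).

Added example, not OTL's own code and not from anyone in this thread.
The heuristics below are this example's assumptions, not OTL's rules;
SAMPLE_LOG is constructed in OTL's line format for illustration.
"""
import re

# Profile directories that legitimate autoruns almost never run from (assumption).
USER_WRITABLE_DIRS = ("\\local settings\\temp\\", "\\application data\\")
# Publisher strings that give no verifiable vendor (assumption).
NO_PUBLISHER = {"", "todo: <company name>"}

# O4 - HKLM..\Run: [name] C:\path\file.exe (Publisher)   or   [name] File not found
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
PATH_PUB_RE = re.compile(r"^(?P<path>.+?) \((?P<pub>[^()]*)\)$")
# SRV/DRV - <file info> (Publisher) [start] -- C:\path -- (ServiceName); path may be empty
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - (?P<meta>.+?) -- (?:(?P<path>.*?) )?-- \((?P<svc>[^()]*)\)")
META_PUB_RE = re.compile(r"\] \((?P<pub>[^()]*)\) \[")
START_RE = re.compile(r"\[(?:[A-Za-z_]+ \| )?(?P<start>Auto|Boot|System|On_Demand|Disabled|Unavailable)\]")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")


def _autorun(m):
    name, rest = m.group("name"), m.group("rest")
    if rest == "File not found":
        return ("low", "orphaned autorun entry [%s]" % name)
    pp = PATH_PUB_RE.match(rest)
    if not pp:
        return ("medium", "unparsed autorun entry [%s]: %s" % (name, rest))
    path, pub = pp.group("path"), pp.group("pub").strip().lower()
    if any(d in path.lower() for d in USER_WRITABLE_DIRS):
        return ("high", "autorun from user-writable profile dir: %s" % path)
    if pub in NO_PUBLISHER:
        return ("medium", "autorun with no publisher: %s" % path)
    return None


def _service(m):
    kind, meta, svc = m.group("kind"), m.group("meta"), m.group("svc")
    path = m.group("path") or ""
    start_m = START_RE.search(meta)
    start = start_m.group("start") if start_m else "?"
    if meta.startswith("File not found"):
        # Orphaned entry: harmless by itself, but worth cleaning if it would start.
        if start in ("Auto", "Boot", "System"):
            return ("low", "%s %s set to %s but its file is missing" % (kind, svc, start))
        return None
    pub_m = META_PUB_RE.search(meta)
    pub = pub_m.group("pub").strip() if pub_m else ""
    if kind == "DRV" and not pub and start in ("Boot", "System"):
        return ("high", "early-start kernel driver with no publisher: %s" % path)
    if not pub:
        return ("medium", "%s with no publisher: %s" % (kind, path))
    return None


def _hosts(m):
    ip, host = m.group("ip"), m.group("host")
    if host.lower() == "localhost" and ip in ("127.0.0.1", "::1"):
        return None
    # Anything else is a manual pin: blocking, redirection or a licensing hack; analyst decides.
    return ("medium", "hosts file pins %s to %s" % (host, ip))


def triage_line(line):
    """Return (severity, reason) for one OTL line, or None if nothing stands out."""
    line = line.rstrip()
    for regex, handler in ((O4_RE, _autorun), (SVC_RE, _service), (HOSTS_RE, _hosts)):
        m = regex.match(line)
        if m:
            return handler(m)
    return None


def triage(lines):
    """Run every line through the heuristics; returns a list of (severity, reason)."""
    return [hit for hit in (triage_line(l) for l in lines) if hit]


def count_by_severity(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _ in findings:
        counts[sev] += 1
    return counts


# Constructed sample in OTL's line format (not a real log).
SAMPLE_LOG = r"""
SRV - File not found [Auto] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - [2010/08/14 20:23:39 | 000,782,336 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\dvxvxufc.sys -- (dvxvxufc)
DRV - [2010/06/28 16:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bar] C:\Documents and Settings\Administrator\Local Settings\Temp\cwaxrnmeos.tmp (TODO: <Company name>)
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\vpgap.exe ()
O4 - HKU\Administrator_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Administrator_ON_C..\Run: [Startup] C:\Documents and Settings\Administrator\Application Data\Microsoft\system32.exe (JINyrydqp)
"""

if __name__ == "__main__":
    for sev, reason in triage(SAMPLE_LOG.strip().splitlines()):
        print("%-6s %s" % (sev.upper(), reason))
```

Run it over a saved OTL.txt with `triage(open("OTL.txt").read().splitlines())`; the high entries are the ones to look up first, while a "medium" on a hosts line or on a service with no publisher only says the entry needs a human look, not that it is malicious.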


#3 Pawanhammers (Topic Starter, Member, 248 posts)
Thanks for the reply,

Safe Mode WORKED, so I used PLAN A and used GMER first, and set the options correctly like you said; once it was done, I couldn't click the save button! The resolution in safe mode is simply too big to see and click the save button.

I will leave my computer open with GMER, so I don't need to rescan.

EDIT: And I have tried changing the resolution, no luck from that.

Edited by Pawanhammers, 14 August 2010 - 01:16 PM.


#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, could you go straight to the OTL run and post the logs - we will look at GMER later.

#5 Pawanhammers (Topic Starter, Member, 248 posts)
I'm having some difficulty with that as well; there's a process called lsass.exe taking up 50+ CPU. What I am finding difficult is not only the resolution, but after 5 minutes of scanning OTL says "Not Responding". Shall I go to PLAN B?

EDIT: I'll just go for PLAN B; at least I can still get the scan done without "Not Responding" or resolution problems.

Edited by Pawanhammers, 14 August 2010 - 02:10 PM.


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Aye Plan B sounds good - looks like you are badly infected

#7 Pawanhammers (Topic Starter, Member, 248 posts)
Indeed I am badly infected!
I've tried Reatogo; it won't detect my USB hard drive, and my USB hard drive is perfectly fine. I need the hard drive for transferring the LOGs and for the SCAN.txt. I don't know how I am going to fix this.

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Can you use the CD-ROM? The first OTL log should enable us to get you back to normal Windows. Also, you could save the log to your C drive and then work from safe mode to post the logs.

#9 Pawanhammers (Topic Starter, Member, 248 posts)

Essexboy wrote: "Also you could save the log to your c drive and then work from safe mode to post the logs"

Nice thinking. Will do.

Edited by Pawanhammers, 14 August 2010 - 03:48 PM.


#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yep some smarty pants be I :)


#11 Pawanhammers (Topic Starter, Member, 248 posts)
Here is the OTL log.

OTL logfile created on: 8/15/2010 2:39:09 AM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 2.87 Gb Free Space | 11.75% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 5.43 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe -- (WUSB54GPv4SVC)
SRV - File not found [On_Demand] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/06/10 16:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/10 12:17:15 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/03/30 06:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/25 05:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 11:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 08:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 08:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 16:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 08:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/17 06:18:42 | 006,582,912 | ---- | M] () [On_Demand] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/31 06:34:32 | 000,020,992 | ---- | M] () [Auto] -- C:\Program Files\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008/12/09 20:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/07 04:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Boot] -- -- (cerc6)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2010/08/14 20:23:39 | 000,782,336 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\dvxvxufc.sys -- (dvxvxufc)
DRV - [2010/07/08 14:07:01 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2010/06/28 16:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 16:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 12:17:15 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/08 22:52:45 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/23 06:51:14 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/02/23 06:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/03 10:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/09 16:22:02 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009/09/01 12:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/22 21:09:16] [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/12/31 06:34:30 | 000,060,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto] -- C:\WINDOWS\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008/04/14 03:00:00 | 000,052,480 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 03:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 19:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/29 05:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 05:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 05:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 05:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/14 15:40:58 | 000,034,448 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 10:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/27 04:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/07/16 06:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/05/26 09:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/25 17:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 12:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKU\Administrator_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\Pawan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100705
FF - prefs.js..keyword.URL: "http://blogtv.toolba...spx?srch=ku&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 14:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 14:02:34 | 000,000,000 | ---D | M]

[2010/05/09 09:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 09:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2010/08/13 12:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions
[2010/05/20 12:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}(2)
[2010/08/02 16:05:27 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/26 14:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/07/17 04:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\extensions\[email protected]
[2010/08/01 16:13:25 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\conduit.xml
[2010/08/05 16:09:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82ex14ax.default\searchplugins\web-search.xml
[2010/08/13 12:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 08:47:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/03 18:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

O1 HOSTS File: ([2010/05/13 12:53:40 | 000,001,204 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (moigh Object) - {8A43B03B-D079-4C50-8D95-95DABBB7B2AD} - C:\WINDOWS\system32\epgap.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (adShotHlpr Object) - {B882AC28-644E-40AD-B8EB-2BC21AF3F838} - C:\WINDOWS\system32\ipgap.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Pawan_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bar] C:\Documents and Settings\Administrator\Local Settings\Temp\cwaxrnmeos.tmp (TODO: <Company name>)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\vpgap.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [pbvsyoin] C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh\luhjnqjshdw.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\ipgap.dll ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tmtapcvi] C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt\lmtpgnhshdw.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\Administrator_ON_C..\Run: [{0D0D36BD-C089-5DD3-AA1C-6AB48D3C8A22}] C:\Documents and Settings\Administrator\Application Data\Idki\qoovr.exe (Kaspersky Lab)
O4 - HKU\Administrator_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Administrator_ON_C..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\Administrator_ON_C..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\Administrator_ON_C..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe (Hoo Technologies)
O4 - HKU\Administrator_ON_C..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [pbvsyoin] C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh\luhjnqjshdw.exe ()
O4 - HKU\Administrator_ON_C..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\Administrator_ON_C..\Run: [secureapp70700.exe] C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915\secureapp70700.exe (MS)
O4 - HKU\Administrator_ON_C..\Run: [Startup] C:\Documents and Settings\Administrator\Application Data\Microsoft\system32.exe (JINyrydqp)
O4 - HKU\Administrator_ON_C..\Run: [tmtapcvi] C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt\lmtpgnhshdw.exe ()
O4 - HKU\Administrator_ON_C..\Run: [Uroyoyiziyema] C:\WINDOWS\weipsroc.DLL (MaresWEB)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915\secureapp70700.exe (MS)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccuMark Startup Manager.lnk = C:\Program Files\Common Files\Gerber Technology\acmkmgr.exe (Gerber Technology, A Gerber Scientific Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pawan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 192.168.5.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 05:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6ce28e9-47d9-11df-8278-00121761df2f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/13 17:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sky-Banners
[2010/08/13 17:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Street-Ads
[2010/08/13 14:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\isbgvuxsh
[2010/08/13 14:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lfggvdkbt
[2010/08/13 14:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915
[2010/08/13 13:53:40 | 000,094,208 | ---- | C] (A1) -- C:\WINDOWS\win32.exe
[2010/08/13 13:53:26 | 000,094,208 | RHS- | C] (A1) -- C:\Documents and Settings\Administrator\Application Data\lsass.exe
[2010/08/13 10:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/12 16:28:15 | 000,000,000 | ---D | C] -- C:\SSBB
[2010/08/12 16:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/11 20:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Conduit
[2010/08/11 20:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/11 20:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Application Data\Apple Computer
[2010/08/11 20:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Apple Computer
[2010/08/11 14:05:45 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/11 14:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 14:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/11 14:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/11 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/11 13:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/11 10:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/11 10:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Scansoft
[2010/08/11 10:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Application Data\Adobe
[2010/08/11 10:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\Adobe
[2010/08/11 10:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Local Settings\Application Data\TSVNCache
[2010/08/11 10:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pawan\Application Data\PC Suite
[2010/08/10 13:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/10 13:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/08 18:15:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/06 09:56:55 | 000,335,872 | ---- | C] (TDL) -- C:\WINDOWS\System32\HookMenu.ocx
[2010/08/06 09:56:55 | 000,229,376 | ---- | C] (xyz) -- C:\WINDOWS\System32\Tab23.ocx
[2010/08/06 09:56:55 | 000,143,360 | ---- | C] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/08/06 06:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Scansoft
[2010/08/05 14:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/05 14:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/05 14:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/05 11:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/08/05 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/08/05 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2010/08/05 11:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/08/05 11:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/08/04 11:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/08/04 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/08/03 20:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/08/03 20:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/08/03 15:40:53 | 000,000,000 | ---D | C] -- C:\wamp
[2010/08/03 15:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Vitalwerks
[2010/08/03 15:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/08/03 13:17:00 | 000,000,000 | ---D | C] -- C:\xampp
[2010/08/03 08:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SkinSoft
[2010/08/02 18:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
[2010/08/02 18:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 18:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/02 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/08/02 17:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TortoiseSVN
[2010/08/02 17:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/08/02 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/08/02 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/08/02 13:54:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/08/02 08:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/08/02 07:36:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/02 07:17:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/02 07:17:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/02 07:17:29 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/02 07:17:27 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/08/02 07:16:43 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/08/02 07:16:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/02 07:16:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/02 07:16:39 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/02 07:16:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/02 07:16:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/02 07:16:11 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/08/02 07:16:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/02 07:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/02 06:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My RoboForm Data
[2010/08/02 06:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/08/02 05:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/08/01 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/08/01 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/08/01 16:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DVDVideoSoftTB
[2010/08/01 16:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 16:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/08/01 16:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/08/01 12:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/08/01 12:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/08/01 08:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/08/01 08:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 08:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2010/07/29 04:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/07/25 06:09:28 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010/07/25 06:09:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2010/07/21 09:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PrintScreen Files
[2010/07/21 09:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010/07/20 13:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/19 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/16 15:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\U-TORRENT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/14 20:23:44 | 000,299,008 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/08/14 20:23:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/14 20:23:39 | 000,782,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\dvxvxufc.sys
[2010/08/14 20:23:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/14 20:23:38 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/14 10:45:29 | 001,381,776 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/14 10:44:21 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 17:39:35 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/13 17:39:33 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/13 17:39:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/13 14:21:22 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/08/13 14:20:40 | 000,001,238 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/13 14:20:40 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/13 14:14:19 | 000,094,208 | ---- | M] (A1) -- C:\WINDOWS\win32.exe
[2010/08/13 13:53:17 | 000,094,208 | RHS- | M] (A1) -- C:\Documents and Settings\Administrator\Application Data\lsass.exe
[2010/08/13 13:48:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/13 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/12 21:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WII-Administrator.job
[2010/08/12 20:32:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/12 20:31:19 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 19:49:02 | 000,711,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 16:38:44 | 000,196,034 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 20:05:17 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Pawan\NTUSER.DAT
[2010/08/11 20:05:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pawan\ntuser.ini
[2010/08/11 17:30:56 | 1340,162,048 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/08/11 13:58:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/08 08:06:35 | 000,060,912 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/08 07:42:51 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/08 07:42:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/06 07:30:14 | 000,002,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/05 06:10:57 | 000,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 12:23:46 | 000,004,493 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/04 09:24:19 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:01:24 | 000,113,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/03 08:30:38 | 000,583,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/03 08:30:38 | 000,504,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/03 08:30:38 | 000,088,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 14:12:04 | 000,088,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 13:56:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 11:04:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 07:36:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 12:11:36 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/20 05:15:54 | 003,589,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/19 17:16:54 | 000,087,607 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/19 17:13:00 | 000,076,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/13 14:20:40 | 000,001,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/08/13 14:20:40 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/13 14:20:31 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvxvxufc.sys
[2010/08/12 19:48:51 | 000,711,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photoEDIT.jpg
[2010/08/12 16:38:43 | 000,196,034 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mystery_photo.jpg
[2010/08/11 13:58:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 09:56:54 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\fkTray.ocx
[2010/08/05 12:03:34 | 000,002,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2010/08/04 11:12:05 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/08/03 19:01:24 | 000,113,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\lol165757658.jpg
[2010/08/02 14:12:01 | 000,088,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MlgRLzY1ykldnvp060OGxG2ko1_500.jpg
[2010/08/02 13:56:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010/08/02 13:56:03 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/08/02 13:54:31 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/08/01 12:11:36 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk
[2010/07/20 08:42:44 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WII-Administrator.job
[2010/07/19 17:16:53 | 000,087,607 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mercedes-b-slr-5-1024x768.jpg
[2010/07/16 00:19:46 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\epgap.dll
[2010/07/16 00:19:32 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ipgap.dll
[2010/07/02 06:13:38 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Pawan\ntuser.ini
[2010/07/02 06:13:35 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Pawan\NTUSER.DAT
[2010/07/02 06:13:35 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Pawan\NTUSER.DAT.LOG
[2010/07/01 03:59:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/29 16:04:38 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/06/29 16:04:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/06/27 11:06:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/26 17:09:45 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/06/26 14:28:18 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/26 14:28:17 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/06/21 05:54:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/06/19 07:55:21 | 000,008,430 | ---- | C] () -- C:\Documents and Settings\Administrator\WORKING.LIC
[2010/06/19 07:36:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/06/19 07:34:51 | 000,256,256 | ---- | C] () -- C:\WINDOWS\System32\SentinelFilter.sys
[2010/06/19 07:28:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/19 07:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/06/19 07:26:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/06/19 07:26:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/06/19 07:24:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\nester.ini
[2010/06/19 07:24:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\batch.ini
[2010/06/19 07:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/06/19 07:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010/06/19 07:22:36 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010/06/19 07:22:36 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/19 07:22:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010/06/19 07:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AMXPLORE.INI
[2010/06/06 09:09:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/06/06 09:09:48 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/06/06 09:09:48 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/05/22 14:52:45 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/05/16 09:08:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/16 08:59:43 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Administrator\Installer.log
[2010/05/03 10:09:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2010/04/30 17:25:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/04/22 16:53:20 | 000,000,347 | ---- | C] () -- C:\WINDOWS\OPLV.INI
[2010/04/14 12:41:02 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 06:46:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2010/04/12 05:42:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/12 05:42:03 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/12 05:39:34 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/12 05:39:33 | 000,102,400 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/04/12 05:39:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2010/04/12 05:39:09 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/12 05:39:09 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2010/04/12 05:39:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2010/04/12 05:39:02 | 000,299,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/12 05:39:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/11/05 18:16:34 | 001,867,264 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/12/31 06:34:26 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2008/04/14 03:00:00 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2007/11/14 15:37:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/29 02:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/29 02:13:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/28 13:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/29 18:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/13 14:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\69815FF4AC8F7F65A62ECD83125A4915
[2010/08/10 14:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/07/04 04:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/09 09:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2010/07/20 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/03 21:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
[2010/06/26 17:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2010/04/12 05:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/04/13 06:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/05/09 07:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GeoVid
[2010/06/29 16:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/02 15:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HTNetMeter
[2010/07/05 03:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Idki
[2010/05/22 07:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/01 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lunascape
[2010/05/16 12:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2010/07/05 14:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MessengerDiscovery 2
[2010/05/01 16:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/05/01 16:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2010/05/28 12:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nonoh
[2010/08/05 11:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/08/13 14:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paiduh
[2010/05/01 16:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/21 05:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2010/08/13 17:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010/05/27 13:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Radmin
[2010/08/13 17:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sky-Banners
[2010/08/12 16:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/13 17:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Street-Ads
[2010/08/02 17:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2010/06/27 11:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/06/21 05:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2010/06/14 15:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/13 14:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/07/02 06:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\ESET
[2010/08/11 10:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pawan\Application Data\PC Suite
[2010/08/13 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/13 09:09:38 | 000,000,195 | ---- | M] () -- C:\AllClassEditor.txt
[2010/04/12 05:35:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/12 15:30:37 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2004/08/03 19:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/07/12 15:30:37 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/05/05 16:56:23 | 000,024,554 | ---- | M] () -- C:\Documents
[2010/05/09 07:52:57 | 000,002,192 | ---- | M] () -- C:\dvdlog.txt
[2010/04/30 17:28:06 | 000,000,510 | ---- | M] () -- C:\graph.txt
[2010/04/12 05:35:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/27 12:58:15 | 000,000,000 | ---- | M] () -- C:\ipaddresses.txt
[2010/06/19 07:22:38 | 000,000,000 | ---- | M] () -- C:\license.dat
[2010/04/12 18:03:57 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/05/22 12:15:03 | 000,003,208 | ---- | M] () -- C:\MP4debug.log
[2010/04/12 05:35:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 03:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/14 20:15:01 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2010/08/14 16:22:42 | 000,001,049 | ---- | M] () -- C:\scan.txt
[2010/08/11 18:40:45 | 000,000,012 | ---- | M] () -- C:\System.txt
[2010/05/27 13:33:22 | 000,000,281 | ---- | M] () -- C:\Untitled.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 10:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 09:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 10:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 09:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/11 13:52:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/31 11:04:10 | 000,051,840 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OPLAPP3.DLL
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.* >

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >
[2010/06/11 14:36:45 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/11 13:27:25 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/06/11 14:36:45 | 029,884,416 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/11 14:36:47 | 008,650,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 22:37:24
< End of report >
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK here we go - this should allow you to use your system in normal mode


Copy the attached Fix.txt to your C drive



Start OTLPE as you did previously from CD
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file that you downloaded on your C drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

WHEN IN NORMAL MODE

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#13
Pawanhammers

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
Ah OK, before I do this let me just say that I didn't drag and drop scan.txt, it didn't allow me, so I selected all the contents in the .txt and copied and pasted them into the custom box, it didn't allow me, but I will continue with that next step. Is this okay?


EDIT: Pasted with word-wrap OFF.

Edited by Pawanhammers, 15 August 2010 - 04:56 AM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file that you downloaded on your C drive


  • 0

#15
Pawanhammers

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
I meant about the scan before.
  • 0
