Geeks to Go forums
Injected svchost which crashes


#1 Droi (New Member, 1 posts)
Hey,
So I was recently infected with a trojan/worm, which I removed using Mbam and Combofix.
However, a short while after connecting to the internet I get an svchost crash which disables my sound and network services.
ThreatFire sometimes detects svchost as trying to execute malicious code.

Here's an OTL log; if you need anything else, let me know.
Thanks a lot!

OTL logfile created on: 12/17/2010 18:52:53 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Stuff\System cleaning files\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 132.38 Gb Free Space | 28.42% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 385.01 Gb Free Space | 82.66% Space Free | Partition Type: NTFS

Computer Name: ROI | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 01:01:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Stuff\System cleaning files\OTL\OTL.exe
PRC - [2010/12/10 01:01:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 18:13:17 | 000,435,368 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2008/05/13 00:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/09 13:42:12 | 000,024,576 | ---- | M] () -- C:\Program Files\CRC Check XP\US30Service.exe


========== Modules (SafeList) ==========

MOD - [2010/12/16 01:01:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Stuff\System cleaning files\OTL\OTL.exe
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 13:27:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008/05/13 00:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/02/09 13:42:12 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\CRC Check XP\US30Service.exe -- (US30Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/30 18:48:24 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/18 14:43:08 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/10/16 20:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/11 04:37:56 | 000,024,960 | ---- | M] (BirdsSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpn-x.sys -- (vpn-x) VPN-X Virtual Network Interface Card(NIC)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/01/14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2008/12/05 15:30:20 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/12/05 15:30:19 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/04 18:25:02 | 000,071,168 | ---- | M] (© Everstrike Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\US30XP.sys -- (US30Sys)
DRV - [2008/09/04 18:18:12 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\US30Kbd2K.sys -- (US30Kbd)
DRV - [2008/08/15 16:13:03 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/06/10 06:53:24 | 000,580,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/05/19 09:46:30 | 000,150,568 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008/04/14 10:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/26 20:37:26 | 004,713,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/02 17:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/01/23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/09/07 11:09:36 | 000,017,230 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wirelecf.SYS -- (Wirelecf)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.walla.co.il/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.8.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3.privateBuild1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.14amo
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.37
FF - prefs.js..extensions.enabledItems: [email protected]:1.95.20100933
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.24
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled: false
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 895

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 12:13:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 01:01:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/09/18 17:08:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/07/31 23:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/12/09 22:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions
[2010/02/18 15:31:35 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/04/03 13:13:03 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2010/10/15 22:32:38 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/03 11:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/04 14:05:20 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/18 15:34:27 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\41kq4ms0.test\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010/12/17 18:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions
[2010/03/26 11:08:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/12/04 21:52:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/10 19:56:20 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/20 12:30:34 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/10/15 21:16:09 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/11/28 18:52:34 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/07/05 19:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2010/09/11 12:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2010/12/14 20:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2010/02/23 01:27:32 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/03/20 22:20:09 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2010/11/26 19:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/10/15 01:04:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/05 22:13:32 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2010/12/10 01:01:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 12:05:48 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/17 20:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/05/29 20:57:10 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/10 02:36:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/11 14:11:52 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2008/07/30 23:43:42 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/01/06 00:19:02 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/01/29 23:57:11 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/11/01 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\[email protected]
[2010/12/07 22:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\[email protected]
[2010/11/26 19:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\[email protected]
[2010/11/26 19:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\SkipS[email protected]
[2009/04/03 23:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\[email protected]
[2009/02/15 01:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\[email protected]
[2010/04/28 01:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\extensions\[email protected]
[2008/08/01 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Sunbird\Profiles\cc0v5xyp.default\extensions
[2010/09/14 19:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Sunbird\Profiles\fvbi0pvn.default\extensions
[2009/02/16 01:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Sunbird\Profiles\fvbi0pvn.default\extensions\[email protected]
[2009/01/06 21:41:16 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\searchplugins\amazondotcom.xml
[2009/01/06 21:41:16 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\searchplugins\ebay.xml
[2010/03/08 18:54:53 | 000,006,547 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\searchplugins\google-codesearch.xml
[2008/07/19 01:36:14 | 000,002,050 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\searchplugins\songza-music-search.xml
[2009/01/31 20:24:24 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\txdw5lu2.default\searchplugins\youtube-video-search.xml
[2010/12/16 19:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/16 17:58:33 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/06/16 17:58:12 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/12/05 00:07:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\JC_ALL.HTM ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1217592368135 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/05 22:34:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 17:10:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\B9DB4C7601A446D58910F7AA6376DBAF.TMP
[2010/12/16 00:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Avira
[2010/12/16 00:00:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/16 00:00:18 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/16 00:00:18 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/16 00:00:18 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/16 00:00:18 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/16 00:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/16 00:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/12/15 22:32:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/15 21:35:00 | 000,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/12/15 21:35:00 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/12/15 21:35:00 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/12/15 21:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/12/15 21:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/12/15 19:13:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/15 19:02:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/15 19:02:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/15 19:02:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/15 19:02:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/15 19:02:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/12 02:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/12/11 13:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Sports Interactive
[2010/12/09 18:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\LolClient
[2010/12/06 23:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/05 00:01:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/04 23:58:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/03 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\vlc
[2010/12/03 14:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\wsInspector
[2010/12/03 14:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\wsInspector
[2010/12/03 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2010/12/03 10:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010/12/03 10:47:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/03 10:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/03 10:47:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/03 10:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/03 01:21:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/01 19:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder (2)
[2010/11/26 23:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\New Folder
[2010/11/26 19:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\101MSDCF
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/17 17:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 16:54:17 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Admin\.rnd
[2010/12/17 16:44:49 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/17 16:33:55 | 002,319,660 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\v197.zip.part
[2010/12/16 19:02:32 | 003,990,715 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/12/15 01:32:18 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 01:30:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2010/12/15 00:21:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/13 01:09:30 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/13 01:09:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/13 01:09:27 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/13 01:09:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/13 00:54:40 | 000,267,641 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/12 19:49:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/11 16:31:59 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/12/11 13:14:51 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
[2010/12/10 16:40:37 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/12/10 12:59:09 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/12/09 18:36:16 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2010/12/05 00:07:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/05 00:01:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/03 18:11:39 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2010/12/03 11:16:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/02 19:10:27 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCC.lnk
[2010/12/01 22:53:45 | 000,032,463 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\JapanadaTrip.xlsx
[2010/11/30 18:48:24 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 11:13:44 | 000,266,352 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\DM-76.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/17 16:54:31 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2010/12/17 16:33:04 | 002,319,660 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\v197.zip.part
[2010/12/16 19:02:45 | 003,990,715 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/12/15 19:02:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/15 19:02:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/15 19:02:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/15 19:02:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/15 19:02:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/15 01:30:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2010/12/13 01:09:30 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/13 01:09:27 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/13 01:09:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/13 01:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/11 13:14:51 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
[2010/12/10 12:59:09 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/12/09 18:36:16 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2010/12/05 00:01:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/05 00:01:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/03 18:11:35 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010/12/02 19:10:27 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCC.lnk
[2010/11/27 11:13:43 | 000,266,352 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\DM-76.exe
[2010/06/05 22:35:44 | 000,000,040 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/18 01:04:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/02/18 18:17:16 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dll
[2009/08/04 11:58:17 | 001,112,560 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/23 20:53:01 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/03/24 11:53:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/03/01 19:06:10 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/12/10 21:39:23 | 000,000,306 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/10 21:23:40 | 002,703,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/05 15:30:20 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/12/05 15:30:19 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/21 18:38:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/11/21 16:16:44 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2008/10/17 12:35:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\RpDays.ini
[2008/09/04 18:18:12 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\US30Kbd2K.sys
[2008/08/15 16:25:12 | 000,000,300 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/08/12 15:03:00 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/08/10 22:48:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/09 13:20:24 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/07/31 19:53:04 | 000,036,013 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/07/31 19:42:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/31 19:42:42 | 000,035,634 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/31 19:42:42 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/31 00:35:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 22:50:22 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/11 02:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/23 00:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/24 13:52:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/10 14:16:20 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/10 14:15:30 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/04 18:56:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/05/26 15:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/09/07 11:09:36 | 000,017,230 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wirelecf.SYS
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/06/11 19:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Any Video Converter
[2009/09/18 18:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Battle Tanks
[2009/01/11 21:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Borland
[2009/05/01 17:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Braid
[2009/01/11 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CodeGear
[2008/08/15 16:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools
[2010/09/18 18:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DiskAid
[2010/03/18 01:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FlashGet
[2010/03/18 01:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FlashGetBHO
[2010/09/18 02:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GameRanger
[2009/03/21 01:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Haihaisoft Universal Player
[2009/12/08 09:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IDX Imagecast iPACS Viewer
[2009/05/02 13:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ITTNord
[2008/11/13 15:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2010/12/09 18:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\LolClient
[2009/07/18 17:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\My Games
[2008/08/23 19:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Pi Eye Games
[2010/04/05 17:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\RenPy
[2008/12/12 21:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Soldat
[2010/04/05 13:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SpinTop
[2009/04/09 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sports Interactive
[2009/04/24 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Stardock
[2009/01/11 21:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Subversion
[2008/08/29 16:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\temp
[2010/10/18 14:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TrueCrypt
[2008/08/02 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ubisoft
[2010/12/12 01:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uTorrent
[2010/06/16 17:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\webex
[2009/07/15 16:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Wizards of the Coast
[2010/12/03 14:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\wsInspector
[2009/05/10 19:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/01/11 21:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/30 23:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/21 01:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Haihaisoft
[2009/05/05 19:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/04/09 01:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/04/24 21:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/04/05 14:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/02 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/09/18 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/02 15:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/18 12:41:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BE672698-4DAC-4C83-9056-C07C3170F628}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C

< End of report >
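For anyone reading through a log like the one above, the tedious part is scanning hundreds of `[date | size | attrs | C/M] (company) -- path` lines by eye. The following is an added example written for this thread; it is not part of OTL, ComboFix, Malwarebytes or the original post. It parses OTL's file-listing and alternate-data-stream lines and shortlists the entries a helper would usually check first. The regexes, `SYSTEM_DIRS`, the 30-day window, the `ignore` allow-list and the triage rules are my own assumptions, not OTL's logic; the sample lines are copied from the log above and grouped under one header for brevity.

```python
"""Parse OTL file-listing lines and shortlist entries for triage.

Added example for this thread; not part of OTL, ComboFix or the log posted
above. The regexes, SYSTEM_DIRS, the window and the triage rules are my own
assumptions about what a helper looks at first, not a verdict on any file.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional, Tuple

# One OTL file/directory line. Two shapes occur in the log:
#   [2010/12/03 10:47:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\...\mbam.sys
#   [2009/06/11 19:49:03 | 000,000,000 | ---D | M] -- C:\...\Any Video Converter   (no company field)
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# OTL's stream line:  @Alternate Data Stream - 116 bytes -> C:\...\TEMP:52B72A7C
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Assumed: lower-cased prefixes that count as "system" locations for triage.
SYSTEM_DIRS = ("c:\\windows\\",)


@dataclass
class Entry:
    stamp: datetime
    size: int
    attrs: str              # OTL's R/H/S/D flags, '-' where unset
    kind: str               # 'C' created or 'M' modified, as OTL prints it
    company: Optional[str]  # None when OTL printed "()" or no company field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl(text: str) -> Tuple[List[Entry], List[Tuple[int, str]]]:
    """Return (file/dir entries, alternate data streams) from OTL report text.

    Section headers, the '*.tmp' summary lines and blanks match neither
    pattern and are skipped, so a whole report can be passed in unchanged.
    """
    entries: List[Entry] = []
    streams: List[Tuple[int, str]] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                stamp=datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"),
                kind=m.group("kind"),
                company=m.group("company") or None,
                path=m.group("path"),
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((int(m.group("size")), m.group("path")))
    return entries, streams


def triage(entries: List[Entry], streams: List[Tuple[int, str]], log_date: datetime,
           window_days: int = 30, ignore: FrozenSet[str] = frozenset()) -> List[str]:
    """Shortlist what to look at first (assumed rules):
    files (not directories) under SYSTEM_DIRS touched inside the window for
    which OTL printed no company name, plus every alternate data stream OTL
    reported. `ignore` holds lower-cased full paths already explained.
    """
    cutoff = log_date - timedelta(days=window_days)
    hits: List[str] = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or e.stamp < cutoff or p in ignore:
            continue
        if p.startswith(SYSTEM_DIRS) and e.company is None:
            hits.append(f"no company name, {e.kind} {e.stamp:%Y-%m-%d}: {e.path}")
    for size, path in streams:
        if path.lower() not in ignore:
            hits.append(f"alternate data stream ({size} bytes): {path}")
    return hits


# Sample input: lines copied from the OTL log posted above, under one header.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========

[2010/12/17 17:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/15 19:02:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/03 18:11:35 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/11 19:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Any Video Converter
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
"""


def run_sample() -> List[str]:
    """Parse SAMPLE and triage it against the log's own date (2010/12/17)."""
    entries, streams = parse_otl(SAMPLE)
    return triage(entries, streams, log_date=datetime(2010, 12, 17))


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

The shortlist is a starting point, not a finding: on the sample it flags bootstat.dat (which Windows rewrites at every boot), PEV.exe and streamhlp.dll alongside the TEMP:52B72A7C stream, while the dated-1996 giveio.sys falls outside the window and the Malwarebytes driver is skipped because it carries a company name. Feeding known-explained paths (a cleanup tool's own helpers, vendor driver caches) through `ignore` is how the noise gets trimmed on a second pass.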