Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Service function NtMapViewOfSection hook -> 0x8A8AC758

Started by GetCoy , Apr 16 2011 10:41 AM

  • This topic is locked This topic is locked

#1
GetCoy
Posted 16 April 2011 - 10:41 AM

GetCoy

    Member

  • Member
  • PipPip
  • 11 posts
I got this computer from my buddy and he never used any anti virus. It was infected before he gave it to me but we restored it and then avg found a bunch of spyware and adware and got rid of it. Recently it sometimes wont let me open anything. It will be working fine then all of a sudden nothing will be able to open. although the programs that were already open still work fine. it also wont let me shut down the computer so i have to do it by physically holding the power button.
The other day I updated my avg and then it scanned and found four rootkits. Three had names and one was unknown. I downloaded malwarebytes and ran that it found three threats. Here is the log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6371

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/16/2011 10:51:34 AM
mbam-log-2011-04-16 (10-51-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 266757
Time elapsed: 53 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After I got malwarebytes to remove them i restarted my computer and did another rootkit scan with avg and it found 1 rootkit. The one with the unknown name ("";"<unknown>";"Service function NtMapViewOfSection hook -> 0x8A8AC758";"Object is hidden")

I rescanned with malware again but it didn't find anything. Here are both the otl logs.

Extras.txt

OTL Extras logfile created on: 4/16/2011 12:22:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Beat Machine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 59.62 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.22 Gb Free Space | 10.57% Space Free | Partition Type: FAT32

Computer Name: LAFFEY | User Name: Beat Machine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C23BEBC-0429-4254-A83F-15C591AB768A}" = HP Pavilion Webcam Tray Icon
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{271A659B-A7D3-405E-AE31-3086133BE0B7}" = Yamaha USB-MIDI Driver
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36C33FBC-58EA-4D4C-A89A-A3BB9357EFD7}" = MobilePre
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"ASIO4ALL" = ASIO4ALL
"AVG" = AVG 2011
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"Drumaxx" = Drumaxx
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESPNMotion" = ESPNMotion
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"FL Studio 9" = FL Studio 9
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IL Download Manager" = IL Download Manager
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"Sakura" = Sakura
"Sawer" = Sawer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2011 9:31:34 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1203641

Error - 4/6/2011 9:31:36 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2011 9:31:36 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1205594

Error - 4/6/2011 9:31:36 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1205594

Error - 4/6/2011 9:31:38 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2011 9:31:38 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1207563

Error - 4/6/2011 9:31:38 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1207563

Error - 4/6/2011 9:31:40 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2011 9:31:40 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1209532

Error - 4/6/2011 9:31:40 PM | Computer Name = LAFFEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1209532

[ System Events ]
Error - 4/15/2011 10:01:49 PM | Computer Name = LAFFEY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 001636A8BE88.

Error - 4/16/2011 10:44:31 AM | Computer Name = LAFFEY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 001636A8BE88.


< End of report >

OTL.txt

OTL logfile created on: 4/16/2011 12:22:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Beat Machine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 59.62 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.22 Gb Free Space | 10.57% Space Free | Partition Type: FAT32

Computer Name: LAFFEY | User Name: Beat Machine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 12:21:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beat Machine\My Documents\Downloads\OTL.exe
PRC - [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/17 06:22:00 | 003,384,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 15:46:58 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/05/09 16:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2005/11/09 15:32:06 | 000,091,136 | ---- | M] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2005/10/07 17:25:36 | 000,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/17 17:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/17 17:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/09/17 17:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/16 09:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 12:21:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beat Machine\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/01/19 15:46:58 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/12 17:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/09 16:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2005/10/23 11:28:54 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/10/14 01:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/10/07 17:25:36 | 000,133,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/06 22:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/25 09:10:58 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/20 04:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 17:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 17:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 17:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/16 09:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/27 07:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/08/04 14:09:42 | 000,018,560 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2007/01/19 15:46:58 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/19 15:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 03:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/14 05:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060514.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/05/14 05:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060514.008\NAVENG.SYS -- (NAVENG)
DRV - [2006/04/28 20:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 13:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 13:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 13:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/06 02:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 03:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 03:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/23 02:19:06 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/27 03:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 07:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 17:00:12 | 000,032,000 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA763004.sys -- (ma763004)
DRV - [2005/11/01 05:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 04:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/20 04:23:52 | 000,196,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/09/19 18:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 18:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 18:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/09/16 09:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/02 12:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/27 07:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/27 07:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/04 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/14 19:34:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/11 14:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/03/11 14:54:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/03/16 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 21:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Application Data\Malwarebytes
[2011/04/15 21:41:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 21:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 21:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 21:41:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 21:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 11:46:39 | 002,539,018 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MADIOUSB.dll
[2011/04/08 11:46:39 | 000,014,336 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\madfu804.sys
[2011/04/08 11:46:38 | 000,167,936 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\mobpre.cpl
[2011/04/08 11:46:37 | 000,091,136 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[2011/04/08 11:46:37 | 000,049,152 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MPInstFix.dll
[2011/04/08 11:46:37 | 000,032,000 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\MA763004.sys
[2011/04/08 11:46:35 | 000,163,840 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\mausbasi.dll
[2011/04/08 11:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
[2011/04/08 11:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MobilePre
[2011/04/08 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2011/03/25 12:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\My Documents\OneNote Notebooks
[2011/03/25 12:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Application Data\AdobeUM
[2011/03/24 13:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/03/24 12:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/24 12:15:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/03/24 12:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/24 12:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Application Data\Sun
[2011/03/20 15:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Adobe
[2011/03/17 19:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/16 12:09:57 | 112,569,820 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/16 11:27:07 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1453074721-2307454591-1502823079-1005UA.job
[2011/04/16 10:58:56 | 000,394,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 10:58:56 | 000,056,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/16 10:54:01 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/16 10:53:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/16 10:53:43 | 2917,773,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/15 13:27:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1453074721-2307454591-1502823079-1005Core.job
[2011/04/14 19:34:10 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/13 12:02:53 | 003,890,032 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\nickiminaj.mp3
[2011/04/13 11:59:37 | 003,063,005 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\sunny afternoon.mp3
[2011/04/07 23:12:06 | 001,094,407 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\crunk.mp3
[2011/04/07 20:56:30 | 004,151,779 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Saw (original).mp3
[2011/04/07 20:56:13 | 004,127,752 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\funkyfresh.mp3
[2011/04/06 21:39:36 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/06 14:15:01 | 003,358,181 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\taylor swift.mp3
[2011/04/06 14:14:47 | 004,708,188 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\djdirty.mp3
[2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/03/28 21:16:36 | 000,687,612 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\dancy.mp3
[2011/03/26 14:28:04 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/26 14:28:03 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\Google Chrome.lnk
[2011/03/25 20:00:01 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Beat Machine.job
[2011/03/25 16:49:56 | 000,315,106 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\homemade shizzy.mp3
[2011/03/25 12:52:23 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Start Menu\Programs\StartUp\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/20 22:10:51 | 000,841,212 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\katy perry.mp3
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/12 18:46:49 | 003,063,005 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\sunny afternoon.mp3
[2011/04/09 23:16:30 | 003,890,032 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\nickiminaj.mp3
[2011/04/08 11:46:38 | 000,006,010 | R--- | C] () -- C:\WINDOWS\System32\drivers\ma004103.bin
[2011/04/07 20:50:11 | 004,127,752 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\funkyfresh.mp3
[2011/04/06 20:48:19 | 001,094,407 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\crunk.mp3
[2011/04/06 13:41:25 | 004,151,779 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Saw (original).mp3
[2011/03/28 19:56:30 | 000,687,612 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\dancy.mp3
[2011/03/25 14:09:07 | 000,315,106 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\homemade shizzy.mp3
[2011/03/25 12:52:23 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Start Menu\Programs\StartUp\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/23 20:59:13 | 003,358,181 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\taylor swift.mp3
[2011/03/20 22:10:41 | 000,841,212 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\katy perry.mp3
[2011/03/11 14:56:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Application Data\wklnhst.dat
[2011/03/11 04:49:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 01:40:07 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\fusioncache.dat
[2007/01/19 16:23:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/19 16:19:40 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/19 16:19:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/19 16:06:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/19 15:55:31 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 22:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 22:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 21:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 21:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 21:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 21:27:08 | 000,394,542 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 21:27:08 | 000,056,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 21:18:06 | 000,374,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 21:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 21:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/29 08:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/29 08:00:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/29 08:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/29 08:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/29 08:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/29 08:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/29 08:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/29 08:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/29 08:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/16 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 10:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 21:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 05:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/05/29 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/29 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/03/11 14:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/11 14:35:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/04 23:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/04/14 19:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/12 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/11 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/12 14:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\AVG
[2011/03/11 14:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\AVG10
[2011/03/12 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\SynthMaker

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
  • 0

Advertisements

#2
Render
Posted 02 May 2011 - 05:49 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, GetCoy! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay.

Please do the following:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
GetCoy
Posted 02 May 2011 - 02:10 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 16:09:47
-----------------------------
16:09:47.835 OS Version: Windows 5.1.2600 Service Pack 3
16:09:47.835 Number of processors: 2 586 0x4802
16:09:47.835 ComputerName: LAFFEY UserName:
16:09:49.397 Initialize success
16:10:02.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000084
16:10:02.115 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 892C Size: 114473MB BusType: 3
16:10:02.146 Disk 0 MBR read successfully
16:10:02.146 Disk 0 MBR scan
16:10:02.161 Disk 0 unknown MBR code
16:10:02.177 Disk 0 scanning sectors +234436545
16:10:02.224 Disk 0 scanning C:\WINDOWS\system32\drivers
16:10:08.317 Service scanning
16:10:09.567 Disk 0 trace - called modules:
16:10:09.598 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
16:10:09.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa9aab8]
16:10:09.629 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000085[0x8aabe6c8]
16:10:09.645 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\00000084[0x8aa30030]
16:10:09.676 Scan finished successfully
16:10:18.769 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Beat Machine\Desktop\MBR.dat"
16:10:18.800 The log file has been saved successfully to "C:\Documents and Settings\Beat Machine\Desktop\aswMBR.txt"
  • 0

#4
Render
Posted 02 May 2011 - 02:31 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

On your desktop should be a file MBR.dat. Please go to http://virustotal.com, hit the Browse button then point it at your desktop and the file MBR.dat and then Open. Then hit Send file and then Reanalyse. It will query about 40 anti-virus companies and ask their opinion of the file. IF it doesn't say 0/40 or so please copy the report and paste it into a reply.

NEXT...

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
  • 0

#5
GetCoy
Posted 02 May 2011 - 02:43 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I couldnt find where it said Reanalyse


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: MBR.dat
Submission date: 2011-05-02 20:40:22 (UTC)
Current status: finished
Result: 1/ 41 (2.4%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.05.03.00 2011.05.02 -
AntiVir 7.11.7.115 2011.05.02 -
Antiy-AVL 2.0.3.7 2011.05.02 -
Avast 4.8.1351.0 2011.05.02 -
Avast5 5.0.677.0 2011.05.02 -
AVG 10.0.0.1190 2011.05.02 -
BitDefender 7.2 2011.05.02 -
CAT-QuickHeal 11.00 2011.05.02 -
ClamAV 0.97.0.0 2011.05.02 -
Commtouch 5.3.2.6 2011.05.02 -
Comodo 8559 2011.05.02 -
DrWeb 5.0.2.03300 2011.05.02 -
eSafe 7.0.17.0 2011.05.02 -
eTrust-Vet 36.1.8303 2011.05.02 -
F-Prot 4.6.2.117 2011.05.02 -
F-Secure 9.0.16440.0 2011.05.02 -
Fortinet 4.2.257.0 2011.05.01 -
GData 22 2011.05.02 -
Ikarus T3.1.1.103.0 2011.05.02 -
Jiangmin 13.0.900 2011.05.01 -
K7AntiVirus 9.98.4541 2011.05.02 -
Kaspersky 9.0.0.837 2011.05.02 -
McAfee 5.400.0.1158 2011.05.02 -
McAfee-GW-Edition 2010.1D 2011.05.02 Heuristic.BehavesLike.Exploit.CodeExec.NLMM
Microsoft 1.6802 2011.05.02 -
NOD32 6089 2011.05.02 -
Norman 6.07.07 2011.05.02 -
Panda 10.0.3.5 2011.05.02 -
PCTools 7.0.3.5 2011.05.02 -
Prevx 3.0 2011.05.02 -
Rising 23.55.04.03 2011.04.29 -
Sophos 4.64.0 2011.05.02 -
SUPERAntiSpyware 4.40.0.1006 2011.05.02 -
Symantec 20101.3.2.89 2011.05.02 -
TheHacker 6.7.0.1.186 2011.05.01 -
TrendMicro 9.200.0.1012 2011.05.02 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.02 -
VBA32 3.12.16.0 2011.05.02 -
VIPRE 9179 2011.05.02 -
ViRobot 2011.5.2.4441 2011.05.02 -
VirusBuster 13.6.332.1 2011.05.02 -
Additional informationShow all
MD5 : 049a065641719781d06ab3a8195ef1e8
SHA1 : d0622c44419beaa782f8520301c3127cf128762e
SHA256: 61890cd4aa14f7bdfdc5c54b948d9b74e3a0abf2238c76c32ec0a2171e
  • 0

#6
GetCoy
Posted 02 May 2011 - 02:49 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3989504 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 84.98 )
0xF5A65000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3682304 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.98 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF2767000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB690F000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060514.008\NavEx15.Sys 794624 bytes (Symantec Corporation, AV Engine)
0xF26B5000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 729088 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF28B2000 C:\WINDOWS\system32\drivers\CHDAud.sys 610304 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xF71DD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEB159000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEB226000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0xF57F2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xED011000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB69D1000 c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS 360448 bytes (Symantec Corporation, AutoProtect)
0xB7E4A000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF59AA000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 311296 bytes (REDC, RICOH XD SM Driver)
0xF5937000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xEECEF000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB7FA7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEB11D000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xEF30B000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
0xF5900000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF285B000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 208896 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF5878000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF58D0000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB80D8000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71B0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEB1C9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF5982000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEB2AA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF72E4000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xEB2D2000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEB0F9000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF288E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5A2D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5A0A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB288000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEF147000 C:\Program Files\Symantec\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7884000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF7293000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF730A000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7329000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xEB208000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xF7196000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEB0E0000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 102400 bytes
0xF72B3000 nvata.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce™ IDE Performance Driver)
0xF72CC000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF726A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF58B9000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB7EA2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEB1F4000 c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS 81920 bytes (Symantec Corporation, SAVRTPEL)
0xF59F6000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF5A51000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEC406000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB68FD000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060514.008\NAVENG.Sys 73728 bytes (Symantec Corporation, AV Engine)
0xF7281000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF58A8000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB7B14000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7507000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7497000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF74F7000 Serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEDF34000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7647000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF76F7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7627000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF74A7000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF74E7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6509000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF64F9000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEB45F000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF64D9000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB79FC000 C:\DOCUME~1\BEATMA~1\LOCALS~1\Temp\aswMBR.sys 45056 bytes
0xEDEE4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74B7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF64E9000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF5F42000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF64B9000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74D7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF64C9000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEDF24000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF5F32000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xEDF44000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF0487000 C:\WINDOWS\system32\drivers\MA763004.sys 32768 bytes (M-Audio, M-Audio MobilePre)
0xEF4C3000 C:\WINDOWS\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF786F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF5E19000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 32768 bytes (REDC, RICOH MMC Driver)
0xEBD13000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF771F000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7807000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF780F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEF4E3000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xEBD03000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF783F000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xEBCFB000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF781F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7827000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7817000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xECFE1000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF78A7000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF6A95000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF795F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB808C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xF5DF4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEC883000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF794B000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6A91000 C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0xF0757000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEE033000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xEC88F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xEE023000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF794F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7937000 C:\WINDOWS\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce™ SMU Microcontroller Driver)
0xEBB63000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF6A8D000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF798F000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7993000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7991000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79F1000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79F9000 C:\WINDOWS\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0xF7A4D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7995000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7997000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79BF000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798D000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A6C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xED61B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEC35B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
  • 0

#7
Render
Posted 02 May 2011 - 02:59 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

There are no signs of rootkits from provided logs. Are you experiencing any problems ?

I need a fresh OTL log. Please do this:

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#8
GetCoy
Posted 02 May 2011 - 04:14 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Not Really. Some times when try to shut down or close my laptop it will restart and say your computer has recovered for a serious error. But other than that its fine.



OTL logfile created on: 5/2/2011 6:07:50 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Beat Machine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 59.15 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.22 Gb Free Space | 10.57% Space Free | Partition Type: FAT32

Computer Name: LAFFEY | User Name: Beat Machine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 12:21:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beat Machine\My Documents\Downloads\OTL.exe
PRC - [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 15:46:58 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/05/09 16:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2005/11/09 15:32:06 | 000,091,136 | ---- | M] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2005/10/07 17:25:36 | 000,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/17 17:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/17 17:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/09/17 17:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/16 09:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 12:21:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beat Machine\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/01/19 15:46:58 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/12 17:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/09 16:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2005/10/23 11:28:54 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/10/14 01:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/10/07 17:25:36 | 000,133,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/06 22:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/25 09:10:58 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/20 04:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 17:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 17:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 17:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/16 09:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/27 07:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/04 14:09:42 | 000,018,560 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2007/01/19 15:46:58 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/19 15:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 03:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/14 05:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060514.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/05/14 05:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060514.008\NAVENG.SYS -- (NAVENG)
DRV - [2006/04/28 20:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 13:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 13:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 13:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/06 02:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 03:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 03:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/23 02:19:06 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/27 03:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 07:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 17:00:12 | 000,032,000 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MA763004.sys -- (ma763004)
DRV - [2005/11/01 05:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 04:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/20 04:23:52 | 000,196,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/09/19 18:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 18:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 18:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/09/16 09:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/02 12:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/27 07:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/27 07:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/04 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/26 21:01:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/11 14:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/03/11 14:54:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/03/16 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 16:33:46 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/04/24 16:33:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/04/24 16:33:45 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/04/19 12:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/18 12:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/15 21:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Application Data\Malwarebytes
[2011/04/15 21:41:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 21:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 21:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 21:41:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 21:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 11:48:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/04/08 11:46:39 | 002,539,018 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MADIOUSB.dll
[2011/04/08 11:46:39 | 000,014,336 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\madfu804.sys
[2011/04/08 11:46:38 | 000,167,936 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\mobpre.cpl
[2011/04/08 11:46:37 | 000,091,136 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[2011/04/08 11:46:37 | 000,049,152 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MPInstFix.dll
[2011/04/08 11:46:37 | 000,032,000 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\MA763004.sys
[2011/04/08 11:46:35 | 000,163,840 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\mausbasi.dll
[2011/04/08 11:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
[2011/04/08 11:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MobilePre
[2011/04/08 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 17:02:39 | 000,607,486 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Gangst Mosh.mp3
[2011/05/02 16:44:33 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\RKUnhookerLE.EXE
[2011/05/02 16:32:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1453074721-2307454591-1502823079-1005UA.job
[2011/05/02 16:10:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\MBR.dat
[2011/05/02 11:48:17 | 113,938,578 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/01 17:32:20 | 000,394,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 17:32:20 | 000,056,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 17:27:31 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/01 17:27:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 17:27:12 | 2917,773,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 20:07:52 | 000,697,016 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\AJ ill will.mp3
[2011/04/29 20:00:01 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Beat Machine.job
[2011/04/29 18:32:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1453074721-2307454591-1502823079-1005Core.job
[2011/04/29 12:17:10 | 000,185,870 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\3rd Day.mp3
[2011/04/27 19:57:31 | 003,764,645 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Best Yet.mp3
[2011/04/27 12:11:36 | 004,051,989 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\pad.mp3
[2011/04/26 21:01:59 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/19 19:24:47 | 000,374,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/19 19:06:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 12:02:53 | 003,890,032 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\nickiminaj.mp3
[2011/04/13 11:59:37 | 003,063,005 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\sunny afternoon.mp3
[2011/04/07 23:12:06 | 001,094,407 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\crunk.mp3
[2011/04/07 20:56:30 | 004,151,779 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Saw (original).mp3
[2011/04/07 20:56:13 | 004,127,752 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\funkyfresh.mp3
[2011/04/06 14:15:01 | 003,358,181 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\taylor swift.mp3
[2011/04/06 14:14:47 | 004,708,188 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\djdirty.mp3
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 16:44:32 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Desktop\RKUnhookerLE.EXE
[2011/05/02 16:10:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Desktop\MBR.dat
[2011/05/01 15:51:18 | 000,607,486 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Gangst Mosh.mp3
[2011/04/29 20:07:21 | 000,697,016 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\AJ ill will.mp3
[2011/04/28 18:26:31 | 000,185,870 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\3rd Day.mp3
[2011/04/27 14:11:21 | 003,764,645 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Best Yet.mp3
[2011/04/26 20:52:12 | 004,051,989 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\pad.mp3
[2011/04/12 18:46:49 | 003,063,005 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\sunny afternoon.mp3
[2011/04/09 23:16:30 | 003,890,032 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\nickiminaj.mp3
[2011/04/07 20:50:11 | 004,127,752 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\funkyfresh.mp3
[2011/04/06 20:48:19 | 001,094,407 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\crunk.mp3
[2011/04/06 13:41:25 | 004,151,779 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Saw (original).mp3
[2011/03/11 14:56:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Application Data\wklnhst.dat
[2011/03/11 04:49:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 01:40:07 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\fusioncache.dat
[2007/01/19 16:23:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/19 16:19:40 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/19 16:19:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/19 16:06:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/19 15:55:31 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 22:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 22:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 21:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 21:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 21:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 21:27:08 | 000,394,542 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 21:27:08 | 000,056,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 21:18:06 | 000,374,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 21:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 21:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/29 08:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/29 08:00:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/29 08:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/29 08:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/29 08:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/29 08:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/29 08:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/29 08:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/29 08:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/16 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 10:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 21:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 05:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/05/29 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/29 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/01 17:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/11 14:35:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/04 23:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/04/14 19:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/12 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/11 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/12 14:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\AVG
[2011/03/11 14:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\AVG10
[2011/03/12 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\SynthMaker

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/03/16 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/03/16 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/16 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/16 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
  • 0

#9
Render
Posted 02 May 2011 - 04:54 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please follow the steps below:

Step 1

It appears from your logs you've multiple antivirus programs running simultaneously, which is not a safe practice at all, as you're more likely to get infected and have other performance issues with your computer.

  • AVG 2011
  • Norton Internet Security
  • Norton AntiVirus 2006

I recommend you to uninstall two of them and use only one.

How to unistall program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

Step 2

Posted Image Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done Open the last report saved folder then attach the zip file to your next post zip
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

How to add an attachment to a new topic or reply

When completed the above, please post back the following in the order asked for:
  • MBAM log
  • AVP Tool scan report and attached file avptool_sysinfo.zip

  • 0

#10
GetCoy
Posted 02 May 2011 - 06:29 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I can't find norton antivirus 2006 on the list. The norton internet security says..... "a norton internet security account with supervisor access must be logged in to uninstall this product". So it tells me to go to the start menu and go to norton internet security.... blah blah blah.... I never even knew that anything other then avg was on the computer.
  • 0

Advertisements

#11
Render
Posted 02 May 2011 - 11:41 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Looks like there are orphaned files and registry entries from old Norton AV's installations and were not properly removed.

To remove them please do the following:
  • Download the Norton Removal Tool from here and save the file to the Windows desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
  • Restart your computer.
Then please proceed with steps 2 and 3 from my previous post if you haven't already done so.
  • 0

#12
GetCoy
Posted 03 May 2011 - 12:29 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6500

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/3/2011 12:57:43 PM
mbam-log-2011-05-03 (12-57-43).txt

Scan type: Quick scan
Objects scanned: 157933
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------------------------------------------------------------------------------------------------------------------------------------------



Autoscan: completed 9 minutes ago (events: 2, objects: 414464, time: 01:10:08)

----------------------------------------------------------------------------------------------------------------------------------------------

Attached Files


  • 0

#13
Render
Posted 03 May 2011 - 02:49 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
From logs looking good but how is in practice ?

Please give me a fresh OTL scan log:

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#14
GetCoy
Posted 03 May 2011 - 04:41 PM

GetCoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
From logs looking good but how is in practice ?


I dont understand what you are saying?^



OTL logfile created on: 5/3/2011 6:33:56 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Beat Machine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 58.70 Gb Free Space | 59.16% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.22 Gb Free Space | 10.57% Space Free | Partition Type: FAT32

Computer Name: LAFFEY | User Name: Beat Machine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/04/16 12:21:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beat Machine\My Documents\Downloads\OTL.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/09 16:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2005/11/09 15:32:06 | 000,091,136 | ---- | M] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 12:21:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beat Machine\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2006/06/12 17:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/09 16:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2005/10/06 22:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\21188622.sys -- (21188622)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2118862.sys -- (setup_9.0.0.722_03.05.2011_19-34drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\21188621.sys -- (21188621)
DRV - [2009/08/04 14:09:42 | 000,018,560 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2006/06/19 15:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 03:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/04/28 20:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 13:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 13:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 13:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/06 02:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 03:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 03:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 03:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 07:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/09 17:00:12 | 000,032,000 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MA763004.sys -- (ma763004)
DRV - [2005/11/01 05:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 04:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 18:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 18:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 18:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/26 21:01:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/11 14:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/03/11 14:54:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/03/16 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\Beat Machine\Start Menu\Programs\StartUp\setup_9.0.0.722_03.05.2011_19-34.lnk = C:\Documents and Settings\Beat Machine\Desktop\Virus Removal Tool\setup_9.0.0.722_03.05.2011_19-34\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 13:02:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/03 13:02:43 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\2118862.sys
[2011/05/03 13:02:43 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\21188621.sys
[2011/05/03 13:02:43 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\21188622.sys
[2011/05/03 13:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Desktop\Virus Removal Tool
[2011/05/03 12:59:33 | 112,318,480 | ---- | C] ( ) -- C:\Documents and Settings\Beat Machine\Desktop\setup_9.0.0.722_03.05.2011_19-34.exe
[2011/04/24 16:33:46 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/04/24 16:33:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/04/24 16:33:45 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/04/19 12:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/18 12:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/15 21:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beat Machine\Application Data\Malwarebytes
[2011/04/15 21:41:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 21:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 21:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 21:41:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 21:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 11:48:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/04/08 11:46:39 | 002,539,018 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MADIOUSB.dll
[2011/04/08 11:46:39 | 000,014,336 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\madfu804.sys
[2011/04/08 11:46:38 | 000,167,936 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\mobpre.cpl
[2011/04/08 11:46:37 | 000,091,136 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[2011/04/08 11:46:37 | 000,049,152 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MPInstFix.dll
[2011/04/08 11:46:37 | 000,032,000 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\MA763004.sys
[2011/04/08 11:46:35 | 000,163,840 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\mausbasi.dll
[2011/04/08 11:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
[2011/04/08 11:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MobilePre
[2011/04/08 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 18:32:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1453074721-2307454591-1502823079-1005UA.job
[2011/05/03 18:32:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1453074721-2307454591-1502823079-1005Core.job
[2011/05/03 13:03:55 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Start Menu\Programs\StartUp\setup_9.0.0.722_03.05.2011_19-34.lnk
[2011/05/03 13:01:58 | 112,318,480 | ---- | M] ( ) -- C:\Documents and Settings\Beat Machine\Desktop\setup_9.0.0.722_03.05.2011_19-34.exe
[2011/05/03 12:48:15 | 000,394,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/03 12:48:15 | 000,056,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/03 12:43:56 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/03 12:43:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 12:43:44 | 2917,773,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 12:34:25 | 114,072,665 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/03 12:32:36 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\Norton_Removal_Tool.exe
[2011/05/02 20:33:49 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\Google Chrome.lnk
[2011/05/02 20:33:49 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/02 17:02:39 | 000,607,486 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Gangst Mosh.mp3
[2011/05/02 16:44:33 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\RKUnhookerLE.EXE
[2011/05/02 16:10:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Beat Machine\Desktop\MBR.dat
[2011/04/29 20:07:52 | 000,697,016 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\AJ ill will.mp3
[2011/04/29 12:17:10 | 000,185,870 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\3rd Day.mp3
[2011/04/27 19:57:31 | 003,764,645 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Best Yet.mp3
[2011/04/27 12:11:36 | 004,051,989 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\pad.mp3
[2011/04/26 21:01:59 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/19 19:24:47 | 000,374,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/19 19:06:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 12:02:53 | 003,890,032 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\nickiminaj.mp3
[2011/04/13 11:59:37 | 003,063,005 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\sunny afternoon.mp3
[2011/04/07 23:12:06 | 001,094,407 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\crunk.mp3
[2011/04/07 20:56:30 | 004,151,779 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\Saw (original).mp3
[2011/04/07 20:56:13 | 004,127,752 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\funkyfresh.mp3
[2011/04/06 14:15:01 | 003,358,181 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\taylor swift.mp3
[2011/04/06 14:14:47 | 004,708,188 | ---- | M] () -- C:\Documents and Settings\Beat Machine\My Documents\djdirty.mp3
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 13:03:55 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Start Menu\Programs\StartUp\setup_9.0.0.722_03.05.2011_19-34.lnk
[2011/05/03 12:32:34 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Desktop\Norton_Removal_Tool.exe
[2011/05/02 16:44:32 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Desktop\RKUnhookerLE.EXE
[2011/05/02 16:10:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Desktop\MBR.dat
[2011/05/01 15:51:18 | 000,607,486 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Gangst Mosh.mp3
[2011/04/29 20:07:21 | 000,697,016 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\AJ ill will.mp3
[2011/04/28 18:26:31 | 000,185,870 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\3rd Day.mp3
[2011/04/27 14:11:21 | 003,764,645 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Best Yet.mp3
[2011/04/26 20:52:12 | 004,051,989 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\pad.mp3
[2011/04/12 18:46:49 | 003,063,005 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\sunny afternoon.mp3
[2011/04/09 23:16:30 | 003,890,032 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\nickiminaj.mp3
[2011/04/07 20:50:11 | 004,127,752 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\funkyfresh.mp3
[2011/04/06 20:48:19 | 001,094,407 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\crunk.mp3
[2011/04/06 13:41:25 | 004,151,779 | ---- | C] () -- C:\Documents and Settings\Beat Machine\My Documents\Saw (original).mp3
[2011/03/11 14:56:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Application Data\wklnhst.dat
[2011/03/11 04:49:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 01:40:07 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Beat Machine\Local Settings\Application Data\fusioncache.dat
[2007/01/19 16:23:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/19 16:19:40 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/19 16:19:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2007/01/19 16:06:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/19 15:55:31 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 22:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 22:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 21:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 21:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 21:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 21:27:08 | 000,394,542 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 21:27:08 | 000,056,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 21:18:06 | 000,374,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 21:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 21:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/29 08:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/29 08:00:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/29 08:00:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/29 08:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/29 08:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/29 08:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/29 08:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/29 08:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/29 08:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/16 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 10:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 21:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 05:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/05/29 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/29 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/01 17:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/11 14:35:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/04 23:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/04/14 19:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/12 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/11 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/12 14:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\AVG
[2011/03/11 14:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\AVG10
[2011/03/12 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beat Machine\Application Data\SynthMaker

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/03/16 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/03/16 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/16 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/16 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Beat Machine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/11/28 21:05:03 | 000,038,923 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\:
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: -chrome "chrome://browser/content/pref/pref.xul"

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
  • 0

#15
Render
Posted 03 May 2011 - 05:46 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

I dont understand what you are saying?^


:) I'm sorry. English is not my native language. I meant to ask you how is your computer running now. Are you experiencing any problems with your computer?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP