Malwarebytes and Avast cannot find it


#16
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
I've attached the analysis scan.

#17
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Let's try with this now:

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#18
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
I'm having problems with their suggestion to disable Avast. They say I can disable it for 1 minute or 1 hour but I clicked on shields and I don't see anything like that.

#19
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Please right click in the notification area of the computer toolbar.
  • You can locate the notification area on the right side of the toolbar.
  • When you right-click on the Avast antivirus icon, you will get the Avast shield control entry.
  • Now you can see the expandable menu that offers additional options.
  • Now in that window just click disable permanently to completely turn off the antivirus.

#20
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
I can't find a notification area on my toolbar and the only way I can get to the shield settings on Avast is to left click and open the program and go to 'shields' and I still don't see an option for disabling.

#21
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
By the way, I still get this window popping up when I first startup that says:

'The specific module could not be found'

#22
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

By the way, I still get this window popping up when I first startup that says:

'The specific module could not be found'

Yes. I know that. :)

Please follow these steps:

Step 1

  • Go here and download avast! Free Antivirus 6 to your desktop.
  • Please do not install it yet.
Step 2

  • Download aswclear.exe to your desktop
  • Start Windows in Safe Mode

    How to start Windows XP in Safe mode

    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.

  • Open (execute) the uninstall utility (aswclear.exe)
  • If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer

Step 3

Please proceed with Combofix as instructed in my previous post here.

#23
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
I'm sorry but I'm very confused. You say download AVast but don't install it. Aren't they one and the same?

#24
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes. We will uninstall your Avast 5 to be able to run Combofix. So in that period of time you will be without real-time AV protection. Prior to that, we want to download Avast 6 and have it ready for install after step 3.
It's safer to go online and download it now, while you have real-time AV protection, than later without it. OK?

#25
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
OK, I think I got it. Here's the log. I restarted my computer and the window about the missing code did not show up! It does seem to run faster, but do you think I still need to install Avast?

ComboFix 11-05-07.03 - catman3152 05/08/2011 8:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.935 [GMT -8:00]
Running from: c:\documents and settings\catman3152\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\catman3152\WINDOWS
c:\temp\sanR24
c:\temp\sanR24\lDii.log
c:\windows\bulib.dll
c:\windows\debyla._sy
c:\windows\ezobahu.exe
c:\windows\heco._sy
c:\windows\ihicy.exe
c:\windows\lyky.scr
c:\windows\ojadihab.scr
c:\windows\rijad._sy
c:\windows\system32\2243651138.dat
c:\windows\ybumara._sy
c:\windows\ziweg.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-07 21:32 . 2009-10-22 21:54 37392 ----a-w- c:\windows\system32\drivers\86061092.sys
2011-05-07 21:32 . 2009-09-26 01:59 128016 ----a-w- c:\windows\system32\drivers\86061091.sys
2011-05-07 21:32 . 2009-10-10 07:31 315408 ----a-w- c:\windows\system32\drivers\8606109.sys
2011-05-07 16:32 . 2011-05-07 16:32 -------- d-----w- C:\_OTL
2011-05-06 02:43 . 2011-05-06 02:43 1409 ----a-w- c:\windows\QTFont.for
2011-05-04 19:15 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-04 19:15 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-03 16:52 . 2011-05-03 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\QFX Software
2011-05-03 15:21 . 2011-04-24 22:14 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-05-03 15:21 . 2011-05-03 15:21 -------- d-----w- c:\program files\KeyScrambler
2011-04-18 21:56 . 2011-04-18 21:56 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-07-12 16:16 40648 ----a-w- c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-08-06 2502656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-04-20 53248]
"USPTO Direct Recovery"="c:\program files\USPTO\etdirrcv.exe" [2006-01-25 651264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-18 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 86061092;86061092 Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\86061092.sys [5/7/2011 1:32 PM 37392]
R1 86061091;86061091;c:\windows\SYSTEM32\DRIVERS\86061091.sys [5/7/2011 1:32 PM 128016]
R1 setup_9.0.0.722_07.05.2011_23-37drv;setup_9.0.0.722_07.05.2011_23-37drv;c:\windows\SYSTEM32\DRIVERS\8606109.sys [5/7/2011 1:32 PM 315408]
R3 KeyScrambler;KeyScrambler;c:\windows\SYSTEM32\DRIVERS\keyscrambler.sys [5/3/2011 7:21 AM 225856]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [3/1/2010 2:11 PM 27064]
S3 utezotu4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utezotu4.sys --> c:\windows\system32\Drivers\utezotu4.sys [?]
S3 VQ21FIL;ViewQuest USB Filter Driver (FILTER);c:\windows\SYSTEM32\DRIVERS\VQ2101XP.SYS [2/4/2004 9:38 AM 5593]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
TCP: {79898F25-7187-46B0-9CFB-D8D0F0E4064C} = 151.164.1.8,206.13.28.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} - hxxp://extranet.protomold.net/ProtoView/current/setup.exe
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-Yvimemamerihes - c:\windows\ijamerihesogol.dll
SafeBoot-MCODS
AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 08:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-08 08:33:07
ComboFix-quarantined-files.txt 2011-05-08 16:33
.
Pre-Run: 16,128,991,232 bytes free
Post-Run: 16,682,225,664 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D63AC7013FF8B3C7F0CFABBAAD7A2385
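As an added example (not code from the thread, from ComboFix, or from its authors), here is a small Python triage helper for logs in the layout posted above. It reads three ComboFix sections and flags what a helper looks at first: auto-generated-looking files removed from the Windows directory, the Security Center override values and firewall-off setting, and the orphaned Run entry pointing at a DLL that no longer existed, which is what produced the "specified module could not be found" message at startup. The sample excerpt is constructed from the posted log, and the "looks auto-generated" heuristic is my own assumption, not a ComboFix rule.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted in this thread; only the
# three sections this helper reads are kept (assumption: same layout as the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\sanR24\lDii.log
c:\windows\bulib.dll
c:\windows\ezobahu.exe
c:\windows\system32\2243651138.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-08-06 2502656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-Yvimemamerihes - c:\windows\ijamerihesogol.dll
.
"""

# Section banners come in two shapes: "(((( Name ))))" and "- - - - NAME - - - -".
SECTION_RE = re.compile(r"^(?:\(+\s*(?P<paren>[^()]+?)\s*\)+|- - - - (?P<dash>.+?) - - - -)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                       # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')     # "Name"=value
ORPHAN_RE = re.compile(r"^(?P<hive>HK\w+)-Run-(?P<name>.+?) - (?P<target>.+)$")
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", "._sy"}


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def parse_sections(text):
    """Group the log's non-empty lines under the banner that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group("paren") or m.group("dash")).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; anything else (paths) is None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None


def triage(text):
    sections = parse_sections(text)
    findings = []
    # Removed files in the Windows tree whose names look machine-generated
    # (executable extension or an all-digit stem): heuristic, not a ComboFix rule.
    for path in sections.get("Other Deletions", []):
        low = path.lower()
        if low.startswith("c:\\windows\\"):
            stem, ext = ntpath.splitext(ntpath.basename(low))
            if ext in EXEC_EXT or stem.isdigit():
                findings.append(Finding("suspicious-deletion", f"{path} removed from the Windows directory"))
    # Security Center overrides silence the 'no antivirus / firewall' warnings;
    # EnableFirewall=0 in the standard profile means Windows Firewall was off.
    key = ""
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group("name"), parse_value(vm.group("raw"))
        if key.endswith("security center") and name.endswith("Override") and value == 1:
            findings.append(Finding("security-center-override", f"{name}=1 hides Security Center warnings"))
        if key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
            findings.append(Finding("firewall-disabled", "Windows Firewall standard profile was off"))
    # Orphans are autorun values whose target file no longer exists; a Run value
    # still naming a path is what Windows complains about at logon.
    for line in sections.get("ORPHANS REMOVED", []):
        om = ORPHAN_RE.match(line)
        if om and om.group("target") != "(no file)":
            findings.append(Finding("orphaned-autorun",
                                    f"{om.group('hive')} Run '{om.group('name')}' pointed at missing {om.group('target')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```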

#26
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
That's good.

I cannot compel you to use an AV, but I strongly recommend using one.

Now it's time to install Avast back. So double-click on previously downloaded Avast 6 installer and install it. Restart computer after installation.

NEXT...

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#27
moe jr

    Member

  • Topic Starter
  • Member
  • 210 posts
Render, sorry about the delay. I was called away. But I did download an upgraded version of Avast to get complete protection and here's the last log:

OTL logfile created on: 5/8/2011 12:39:59 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\catman3152\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.13 Gb Free Space | 40.64% Space Free | Partition Type: NTFS

Computer Name: NUMEROUNO | User Name: catman3152 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
PRC - [2011/04/18 09:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/18 09:25:09 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/20 12:24:50 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/08/13 08:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
MOD - [2011/04/18 09:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 09:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/18 09:25:09 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)


========== Driver Services (SafeList) ==========

DRV - [2011/04/24 14:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/04/18 09:18:45 | 000,102,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/04/18 09:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 09:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 09:17:20 | 000,192,984 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/04/18 09:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 09:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 09:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 09:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 09:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/18 08:49:53 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\86061092.sys -- (86061092)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\8606109.sys -- (setup_9.0.0.722_07.05.2011_23-37drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\86061091.sys -- (86061091)
DRV - [2006/06/11 17:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/04 18:37:15 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/26 19:09:20 | 000,005,593 | ---- | M] (VIEWQUEST THCHNOLOGIES LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VQ2101XP.SYS -- (VQ21FIL) ViewQuest USB Filter Driver (FILTER)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/08 08:26:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [USPTO Direct Recovery] C:\Program Files\USPTO\etdirrcv.exe (Entrust®)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\catman3152\Start Menu\Programs\Startup\setup_9.0.0.722_07.05.2011_23-37.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/03/01 13:35:50 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} http://extranet.prot...rrent/setup.exe (ProtoView Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1083551604734 (MSSecurityAdvisor Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by15fd.bay15....ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/08 09:57:51 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/05/08 09:57:19 | 000,192,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/05/08 09:56:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/05/08 09:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/05/08 09:54:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/08 09:11:44 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/08 09:11:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/08 09:11:37 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/08 09:11:36 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/08 09:11:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/08 09:11:34 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/08 09:11:34 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/08 09:11:33 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/08 09:10:57 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/08 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/08 09:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/08 08:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/08 08:13:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/08 08:07:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/08 08:07:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/08 08:07:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/08 08:07:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/08 08:05:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/08 07:53:43 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Documents and Settings\catman3152\Desktop\aswclear.exe
[2011/05/07 13:32:51 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\86061091.sys
[2011/05/07 13:32:51 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\86061092.sys
[2011/05/07 13:32:50 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8606109.sys
[2011/05/07 08:32:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 11:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Local Settings\Application Data\PhotoChannel
[2011/05/04 11:15:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/05/04 11:15:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/05/03 08:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/05/03 07:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/05/03 07:21:50 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/05/03 07:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/02 20:31:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
[2011/05/08 10:06:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/08 10:06:48 | 1340,149,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 10:05:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/08 09:55:12 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/05/08 09:47:32 | 095,258,664 | ---- | M] () -- C:\Documents and Settings\catman3152\Desktop\setup_ais.exe
[2011/05/08 08:26:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/08 08:14:04 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/05/08 08:03:28 | 004,343,565 | R--- | M] () -- C:\Documents and Settings\catman3152\Desktop\ComboFix.exe
[2011/05/08 07:53:45 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Documents and Settings\catman3152\Desktop\aswclear.exe
[2011/05/08 07:53:15 | 056,189,640 | ---- | M] () -- C:\Documents and Settings\catman3152\Desktop\setup_av_free.exe
[2011/05/08 06:55:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/07 17:58:34 | 000,016,672 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\avptool_sysinfo.zip
[2011/05/07 13:36:06 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\catman3152\Start Menu\Programs\Startup\setup_9.0.0.722_07.05.2011_23-37.lnk
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/05/05 18:43:45 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/02 20:32:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\catman3152\Desktop\OTL.exe
[2011/04/29 18:01:01 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:09 | 000,096,116 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/24 14:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/04/22 13:34:40 | 000,038,021 | ---- | M] () -- C:\invoice 3 EAST WEST.rtf
[2011/04/20 10:05:49 | 000,096,059 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt pdf final.pdf
[2011/04/20 09:58:37 | 000,956,928 | ---- | M] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/18 13:59:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/18 09:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 09:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 09:18:45 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/18 09:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 09:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 09:17:20 | 000,192,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/18 09:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 09:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 09:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 09:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 09:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 09:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 08:49:53 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys

========== Files Created - No Company Name ==========

[2011/05/08 09:55:12 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/05/08 09:47:26 | 095,258,664 | ---- | C] () -- C:\Documents and Settings\catman3152\Desktop\setup_ais.exe
[2011/05/08 08:14:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/08 08:14:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/08 08:07:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 08:07:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 08:07:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 08:07:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 08:07:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 08:03:19 | 004,343,565 | R--- | C] () -- C:\Documents and Settings\catman3152\Desktop\ComboFix.exe
[2011/05/08 07:59:48 | 1340,149,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/08 07:53:12 | 056,189,640 | ---- | C] () -- C:\Documents and Settings\catman3152\Desktop\setup_av_free.exe
[2011/05/07 18:07:59 | 000,016,672 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\avptool_sysinfo.zip
[2011/05/07 13:36:06 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\catman3152\Start Menu\Programs\Startup\setup_9.0.0.722_07.05.2011_23-37.lnk
[2011/05/05 18:43:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/05 18:43:45 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/29 18:00:54 | 000,096,059 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 2 OZ Rnd CRnrs Lt TEST PDF.pdf
[2011/04/25 18:37:03 | 000,096,116 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs L PDF.pdf
[2011/04/25 18:35:27 | 000,486,400 | ---- | C] () -- C:\Documents and Settings\catman3152\My Documents\Root Beer Oil 16 OZ Rnd CRnrs Lt Bkgrnd.zdl
[2011/04/22 13:34:40 | 000,038,021 | ---- | C] () -- C:\invoice 3 EAST WEST.rtf
[2011/01/31 17:11:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/12/25 09:12:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/12/23 10:19:56 | 000,006,690 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\B40A.FB7
[2010/12/16 06:05:30 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\html.html
[2009/11/03 14:55:06 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/22 23:20:13 | 000,018,426 | ---- | C] () -- C:\WINDOWS\System32\uzos.bin
[2009/09/22 23:20:13 | 000,018,144 | ---- | C] () -- C:\WINDOWS\uzofedojyc.com
[2009/09/21 12:11:22 | 000,015,583 | ---- | C] () -- C:\WINDOWS\kovecyciq.com
[2009/09/21 11:38:44 | 000,011,562 | ---- | C] () -- C:\WINDOWS\System32\qivyn.dat
[2009/09/21 11:35:19 | 000,018,386 | ---- | C] () -- C:\WINDOWS\System32\ikyjuzeri.dat
[2009/09/21 11:21:27 | 000,015,054 | ---- | C] () -- C:\WINDOWS\edyzohewu.bin
[2009/09/21 11:21:26 | 000,010,124 | ---- | C] () -- C:\WINDOWS\imebypit.bin
[2009/09/21 08:53:35 | 000,019,609 | ---- | C] () -- C:\WINDOWS\wuwijenybe.dat
[2009/09/21 08:53:35 | 000,019,010 | ---- | C] () -- C:\WINDOWS\System32\etun.exe
[2009/09/21 08:53:35 | 000,018,906 | ---- | C] () -- C:\WINDOWS\erydezul.com
[2009/09/20 22:06:37 | 000,014,215 | ---- | C] () -- C:\WINDOWS\osutiwum.dat
[2009/09/20 22:06:37 | 000,014,093 | ---- | C] () -- C:\WINDOWS\yripahuqik.com
[2009/09/20 21:57:07 | 000,019,089 | ---- | C] () -- C:\WINDOWS\vynozemiwo.dat
[2009/09/20 21:57:07 | 000,016,378 | ---- | C] () -- C:\WINDOWS\kidivi.com
[2009/09/20 21:57:07 | 000,010,569 | ---- | C] () -- C:\WINDOWS\System32\qovu.dat
[2009/09/20 21:38:42 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\hivedexyco.exe
[2009/09/20 21:38:42 | 000,013,051 | ---- | C] () -- C:\WINDOWS\sypopakej.bin
[2009/09/20 18:41:45 | 000,017,165 | ---- | C] () -- C:\WINDOWS\giqinufole.dat
[2009/09/20 18:41:45 | 000,015,846 | ---- | C] () -- C:\WINDOWS\uledow.bin
[2009/09/20 18:41:45 | 000,013,700 | ---- | C] () -- C:\WINDOWS\System32\agyhape.com
[2009/09/20 18:41:45 | 000,013,224 | ---- | C] () -- C:\WINDOWS\System32\civusoqeka.dat
[2009/09/20 18:41:44 | 000,019,270 | ---- | C] () -- C:\WINDOWS\System32\agikygyr.exe
[2009/09/19 13:48:08 | 000,019,659 | ---- | C] () -- C:\WINDOWS\tycecyzax.dat
[2009/09/19 13:48:07 | 000,011,769 | ---- | C] () -- C:\WINDOWS\fimaxewa.com
[2009/06/30 14:42:35 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\tiff2pdf.dll
[2009/04/29 11:58:34 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/02/29 10:07:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/26 10:51:51 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/04 11:04:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2006/01/04 10:19:16 | 004,464,640 | ---- | C] () -- C:\WINDOWS\System32\ImageMagickObject.dll
[2004/12/08 12:22:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/02 08:09:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/22 08:11:00 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24581_up.exe
[2004/04/29 06:37:36 | 000,000,136 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/25 20:50:28 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
[2004/02/25 20:50:28 | 000,024,677 | ---- | C] () -- C:\WINDOWS\java.exe
[2004/02/24 17:28:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 22:16:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\catman3152\Local Settings\Application Data\fusioncache.dat
[2004/02/23 22:05:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/02/20 20:57:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/02/20 20:57:19 | 000,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2004/02/20 20:57:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2004/02/20 20:56:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2004/02/04 09:38:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\V2101LOC.INI
[2004/02/04 08:56:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2004/02/04 08:56:19 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2004/02/04 08:56:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2004/02/04 08:56:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2004/02/03 20:41:46 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JPR.{PB
[2004/02/03 20:41:46 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\catman3152\Application Data\PFP110JCM.{PB
[2004/02/03 19:36:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/01/31 08:52:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/01/29 18:04:08 | 000,000,695 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/01/29 16:09:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/29 09:25:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/01/21 18:33:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 18:27:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/01/21 18:22:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/01/21 18:20:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/21 18:07:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/01/21 18:05:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/21 18:05:28 | 000,813,782 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/01/21 18:05:28 | 000,158,464 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/01/21 18:05:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/21 17:51:44 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/19 11:41:32 | 000,377,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/19 11:40:04 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/19 11:38:56 | 000,000,889 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/13 20:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/07/14 11:30:27 | 000,034,816 | ---- | C] () -- C:\WINDOWS\patch.exe
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2002/10/08 12:24:44 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\TRAFFIC.DLL
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/03/20 00:00:00 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== LOP Check ==========

[2010/02/15 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/08 09:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/03/24 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2004/01/29 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/03/21 07:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/02/26 10:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/03/06 12:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dKiFoJf06510
[2006/02/02 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2010/12/25 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pCiFh08200
[2011/03/18 07:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2010/02/22 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/15 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2007/06/19 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\ICAClient
[2004/01/31 08:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Leadertech
[2011/01/31 17:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\pdfforge
[2011/05/03 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\QFX Software
[2011/01/31 17:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catman3152\Application Data\Search Settings
[2011/05/07 02:35:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/01/04 10:17:03 | 005,743,477 | ---- | M] (USPTO) -- C:\ABX121.exe
[2006/01/13 12:23:26 | 008,054,797 | ---- | M] () -- C:\DesignWorkshop_Lite-Win.exe
[2006/01/17 19:12:33 | 006,054,832 | ---- | M] (SolidWorks Corporation ) -- C:\eDrawingsEnglish.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 03:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SYSTEM32\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2002/08/29 03:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SYSTEM32\winlogon.exe
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2002/08/29 03:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
[2004/05/26 17:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#28
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem about the delay. :)

Please open Windows Explorer and go into the My Documents folder.
Do you see that file there: Fwd_ Fw_ Fwd_ free blockbuster movies...?

And please tell me how your computer is running now. Any problems?
  • 0

#29
moe jr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
Yes, I see the file. I've been trying to delete it for years and it won't let me. Right now my computer's running fairly well.
  • 0

#30
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Let's try to remove that file.

We need to run an OTL Fix.

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside the quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    :OTL
    [2009/09/22 23:20:13 | 000,018,426 | ---- | C] () -- C:\WINDOWS\System32\uzos.bin
    [2009/09/22 23:20:13 | 000,018,144 | ---- | C] () -- C:\WINDOWS\uzofedojyc.com
    [2009/09/21 12:11:22 | 000,015,583 | ---- | C] () -- C:\WINDOWS\kovecyciq.com
    [2009/09/21 11:38:44 | 000,011,562 | ---- | C] () -- C:\WINDOWS\System32\qivyn.dat
    [2009/09/21 11:35:19 | 000,018,386 | ---- | C] () -- C:\WINDOWS\System32\ikyjuzeri.dat
    [2009/09/21 11:21:27 | 000,015,054 | ---- | C] () -- C:\WINDOWS\edyzohewu.bin
    [2009/09/21 11:21:26 | 000,010,124 | ---- | C] () -- C:\WINDOWS\imebypit.bin
    [2009/09/21 08:53:35 | 000,019,609 | ---- | C] () -- C:\WINDOWS\wuwijenybe.dat
    [2009/09/21 08:53:35 | 000,019,010 | ---- | C] () -- C:\WINDOWS\System32\etun.exe
    [2009/09/21 08:53:35 | 000,018,906 | ---- | C] () -- C:\WINDOWS\erydezul.com
    [2009/09/20 22:06:37 | 000,014,215 | ---- | C] () -- C:\WINDOWS\osutiwum.dat
    [2009/09/20 22:06:37 | 000,014,093 | ---- | C] () -- C:\WINDOWS\yripahuqik.com
    [2009/09/20 21:57:07 | 000,019,089 | ---- | C] () -- C:\WINDOWS\vynozemiwo.dat
    [2009/09/20 21:57:07 | 000,016,378 | ---- | C] () -- C:\WINDOWS\kidivi.com
    [2009/09/20 21:57:07 | 000,010,569 | ---- | C] () -- C:\WINDOWS\System32\qovu.dat
    [2009/09/20 21:38:42 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\hivedexyco.exe
    [2009/09/20 21:38:42 | 000,013,051 | ---- | C] () -- C:\WINDOWS\sypopakej.bin
    [2009/09/20 18:41:45 | 000,017,165 | ---- | C] () -- C:\WINDOWS\giqinufole.dat
    [2009/09/20 18:41:45 | 000,015,846 | ---- | C] () -- C:\WINDOWS\uledow.bin
    [2009/09/20 18:41:45 | 000,013,700 | ---- | C] () -- C:\WINDOWS\System32\agyhape.com
    [2009/09/20 18:41:45 | 000,013,224 | ---- | C] () -- C:\WINDOWS\System32\civusoqeka.dat
    [2009/09/20 18:41:44 | 000,019,270 | ---- | C] () -- C:\WINDOWS\System32\agikygyr.exe
    [2009/09/19 13:48:08 | 000,019,659 | ---- | C] () -- C:\WINDOWS\tycecyzax.dat
    [2009/09/19 13:48:07 | 000,011,769 | ---- | C] () -- C:\WINDOWS\fimaxewa.com
    File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...

    :Files
    C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free*.*

    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0
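Two of the judgement calls in this thread can be checked mechanically: that the core Windows binaries listed under the `< MD5 for: ... >` custom scans in the log are unmodified, and that the files chosen for the :OTL section of the fix above stand out from the rest of the "Files Created - No Company Name" list. The Python below is an added example written for this thread, not OTL's code or the helper's. It embeds lines copied from the posted log as its sample input; the 48-hour window, the cluster size of three and the extension set are assumptions chosen to match what the helper picked here, not rules OTL applies.

```python
"""Mechanical triage of OTL log lines (added example; not the thread's or OTL's code).

1. '< MD5 for: NAME >' scans: the copy that runs from C:\\WINDOWS or System32 should
   share its hash with a backup copy (DLLCACHE, ERDNT\\cache, ServicePackFiles);
   a patched or swapped binary has no such twin.
2. The fix list: no-company files with random lowercase names dropped into those
   directories in a burst. The thresholds used below are assumptions, not OTL's.
"""
import re
from datetime import datetime, timedelta

# OTL file line: [date time | size | attrs | C-or-M] (company) [MD5=hash] -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| \S{4} \| [CM]\] "
    r"\((.*?)\)(?: MD5=([0-9A-Fa-f]{32}))? -- (.+)$"
)
LIVE_DIRS = {"c:\\windows", "c:\\windows\\system32"}
SUSPECT_EXT = {".com", ".exe", ".bin", ".dat"}   # types seen in the dropped set

# Sample lines copied from the log posted in this thread; headers are skipped.
MD5_SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
< MD5 for: SVCHOST.EXE >
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SYSTEM32\svchost.exe
""".strip().splitlines()

CREATED_SAMPLE = r"""
[2009/09/22 23:20:13 | 000,018,426 | ---- | C] () -- C:\WINDOWS\System32\uzos.bin
[2009/09/22 23:20:13 | 000,018,144 | ---- | C] () -- C:\WINDOWS\uzofedojyc.com
[2009/09/21 12:11:22 | 000,015,583 | ---- | C] () -- C:\WINDOWS\kovecyciq.com
[2009/09/21 08:53:35 | 000,019,010 | ---- | C] () -- C:\WINDOWS\System32\etun.exe
[2009/09/20 22:06:37 | 000,014,215 | ---- | C] () -- C:\WINDOWS\osutiwum.dat
[2009/09/20 21:57:07 | 000,016,378 | ---- | C] () -- C:\WINDOWS\kidivi.com
[2009/09/20 21:38:42 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\hivedexyco.exe
[2009/09/20 18:41:44 | 000,019,270 | ---- | C] () -- C:\WINDOWS\System32\agikygyr.exe
[2009/09/19 13:48:08 | 000,019,659 | ---- | C] () -- C:\WINDOWS\tycecyzax.dat
[2009/09/19 13:48:07 | 000,011,769 | ---- | C] () -- C:\WINDOWS\fimaxewa.com
[2004/05/02 18:32:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24581_up.exe
[2004/02/25 20:50:28 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
[2004/02/25 20:50:28 | 000,024,677 | ---- | C] () -- C:\WINDOWS\java.exe
[2002/08/29 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
File not found -- C:\Documents and Settings\catman3152\My Documents\Fwd_ Fw_ Fwd_ free blockbuster movies...
""".strip().splitlines()


def parse_line(line):
    """(created, company, MD5 or '', path) for an OTL file line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # section header, 'File not found', registry line
    when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
    return when, m.group(2), (m.group(3) or "").upper(), m.group(4)


def _split(path):
    """(parent dir lowercased, name stem, '.ext' lowercased)."""
    parent, _, name = path.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    return parent.lower(), stem, "." + ext.lower()


def live_copies_without_twin(md5_lines):
    """Paths in LIVE_DIRS whose MD5 matches no other listed copy of that file."""
    parsed = [p for p in map(parse_line, md5_lines) if p]
    copies = {}                          # file name -> [(md5, path), ...]
    for _, _, md5, path in parsed:
        _, stem, ext = _split(path)
        copies.setdefault(stem.lower() + ext, []).append((md5, path))
    suspects = []
    for _, _, md5, path in parsed:
        parent, stem, ext = _split(path)
        if parent in LIVE_DIRS and not any(
            h == md5 and p != path for h, p in copies[stem.lower() + ext]
        ):
            suspects.append(path)
    return suspects


def burst_of_random_names(created_lines, window=timedelta(hours=48), min_cluster=3):
    """No-company files in LIVE_DIRS with all-lowercase random-looking names and a
    suspect extension, kept only if >= min_cluster such files were created within
    `window` of each other. Heuristic: a person still reviews the output."""
    cands = []
    for p in map(parse_line, created_lines):
        if not p or p[1]:                # unparsable, or carries a company name
            continue
        when, _, _, path = p
        parent, stem, ext = _split(path)
        if parent in LIVE_DIRS and ext in SUSPECT_EXT and re.fullmatch(r"[a-z]{4,}", stem):
            cands.append((when, path))
    return sorted(
        path for when, path in cands
        if sum(abs(w - when) <= window for w, _ in cands) >= min_cluster
    )
```

To run it over a full OTL log, pass `open(log_path).read().splitlines()` to both functions; everything that is not a file line is skipped by the parser. The burst test is what keeps the false positives down: dcache.bin from the original install and the java.exe/javaw.exe pair also have lowercase names in C:\WINDOWS or System32, but they never reach three files inside a 48-hour window, whereas the dropped set clusters between 2009/09/19 and 2009/09/22. A lowered `min_cluster` shows how quickly that discrimination is lost.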





