Geeks to Go

hijacked browser


#1
sonicpulse
Member
14 posts
Hi there, I seem to have picked up something nasty which has hijacked my browser (both Firefox and Chrome).
When I click on a Google link it keeps redirecting me to other random websites.
I have done a scan with AVG Free and Malwarebytes and they aren't picking anything up.
SUPERAntiSpyware is picking up an adware tracking cookie but seems to be unable to get rid of it, because it's there again when I do another scan.
It's not doing it all the time, but most of the time, enough to be very annoying.
Any help would be much appreciated. Thanks.

Here's the (updated) OTL log:

OTL logfile created on: 27/06/2011 3:48:41 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = E:\Documents and Settings\Troy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 471.79 Mb Available Physical Memory | 46.10% Memory free
2.90 Gb Paging File | 2.23 Gb Available in Paging File | 76.68% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 111.79 Gb Total Space | 102.55 Gb Free Space | 91.74% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 104.01 Gb Total Space | 13.48 Gb Free Space | 12.96% Space Free | Partition Type: NTFS
Drive F: | 361.75 Gb Total Space | 32.77 Gb Free Space | 9.06% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 4.40 Gb Free Space | 0.47% Space Free | Partition Type: NTFS

Computer Name: TROY | User Name: Troy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 15:48:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
PRC - [2011/06/24 20:06:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- E:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/06/01 14:09:58 | 004,385,112 | ---- | M] (IObit) -- E:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/05/30 16:50:20 | 003,378,688 | ---- | M] (IObit) -- E:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- E:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- E:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- E:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 15:48:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- E:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- E:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 19:18:34 | 000,239,472 | ---- | M] () [File_System | On_Demand | Running] -- E:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- E:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- E:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/05/18 15:54:57 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/17 22:24:15 | 000,092,544 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\deltafw.sys -- (DELTAFW)
DRV - [2009/06/17 22:24:15 | 000,013,312 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mafwboot.sys -- (MAFWBOOT) Bootloader Service for M-Audio FW Driver (WDM)
DRV - [2008/12/22 11:06:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/22 11:06:00 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/22 11:05:58 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/05/06 16:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/24 16:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/10/28 06:46:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2005/10/27 20:46:44 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/09/30 03:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 22:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 23:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yoower.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo....type=642886&p="

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/06/24 20:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/02/12 17:38:12 | 000,000,000 | ---D | M]

[2009/06/09 06:35:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Extensions
[2011/06/24 21:20:43 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions
[2009/09/02 09:22:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 19:26:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/24 21:20:40 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011/06/24 21:20:41 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/06/24 21:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/06/15 16:49:48 | 000,000,000 | ---D | M] (Conduit Engine) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]
[2011/05/25 16:15:26 | 000,000,923 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\conduit.xml
[2009/06/23 19:26:18 | 000,001,632 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\live-search.xml
[2009/07/11 10:56:50 | 000,001,196 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\winamp-search.xml
[2011/03/06 20:38:43 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/24 20:06:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/06 20:38:17 | 000,002,050 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchdesktop.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/23 16:16:47 | 000,000,098 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O15 - HKCU\..Trusted Domains: msn.com ([www] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244489369402 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - AppInit_DLLs: (E:\PROGRA~1\WINDOW~3\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (E:\PROGRA~1\WINDOW~3\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: E:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{7399548e-d766-11df-a840-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{7399548e-d766-11df-a840-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7399548e-d766-11df-a840-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\1\Command - "" = RUNAUT~1\autorun.pif
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\2\Command - "" = RUNAUT~1\autorun.pif
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
O33 - MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 15:48:12 | 000,579,072 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
[2011/06/27 13:52:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\smart defrag 2
[2011/06/27 11:33:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\IObit
[2011/06/27 11:27:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Local Settings\Application Data\MyAshampoo
[2011/06/27 11:23:47 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Troy\Recent
[2011/06/26 18:17:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\Metaphorical Cloud - Morphing - MP3 320
[2011/06/26 09:59:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\winrm
[2011/06/26 09:59:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\WindowsPowerShell
[2011/06/26 09:59:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\GroupPolicy
[2011/06/26 09:59:38 | 000,000,000 | -H-D | C] -- E:\WINDOWS\$968930Uinstall_KB968930$
[2011/06/26 09:46:59 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/06/26 09:46:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/06/26 09:46:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\IObit
[2011/06/26 09:45:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/06/26 09:45:19 | 000,000,000 | ---D | C] -- E:\Program Files\IObit
[2011/06/26 09:16:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\pss
[2011/06/25 18:46:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\Tone2.VST.Bundle.Suite.Various.Crack.Teams
[2011/06/24 11:46:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\NCH Swift Sound
[2011/06/23 16:16:45 | 000,000,000 | ---D | C] -- E:\_OTM
[2011/06/23 16:14:52 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2011/06/23 15:54:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Sonnox Plugins
[2011/06/23 15:54:48 | 000,000,000 | ---D | C] -- E:\Program Files\Sonnox
[2011/06/23 15:10:59 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 15:10:55 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2011/06/23 14:48:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Start Menu\Programs\Google Chrome
[2011/06/23 13:20:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Local Settings\Application Data\MediaGet2
[2011/06/21 02:48:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\gate-sp-00
[2011/06/20 19:43:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Xilisoft
[2011/06/20 09:38:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/20 09:38:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/20 09:38:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2011/06/20 09:38:17 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 10:11:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\MyAshampoo
[2011/06/14 18:06:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2011/06/14 18:06:40 | 000,000,000 | ---D | C] -- E:\Program Files\Ashampoo
[2011/06/14 18:00:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/14 09:08:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Local Settings\Application Data\Xilisoft
[2011/06/14 09:08:00 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\Xilisoft
[2011/06/12 19:45:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\My Documents\Soulseek Chat Logs
[2011/06/10 11:13:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\iZotope
[2011/06/10 11:06:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\My Documents\iZotope Nectar
[2011/06/10 11:06:48 | 000,000,000 | ---D | C] -- E:\Program Files\iZotope
[2011/06/03 11:51:31 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.1
[2011/06/03 11:43:13 | 000,000,000 | ---D | C] -- E:\Program Files\coolpro2

========== Files - Modified Within 30 Days ==========

[2011/06/27 15:48:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
[2011/06/27 15:30:04 | 000,308,350 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\gg.flp
[2011/06/27 14:52:01 | 000,000,922 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
[2011/06/27 14:52:00 | 000,000,974 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
[2011/06/27 14:49:17 | 000,311,885 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\aaa.flp
[2011/06/27 13:50:54 | 000,000,278 | ---- | M] () -- E:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/27 13:02:01 | 000,215,383 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml
[2011/06/27 13:01:58 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2011/06/27 13:01:57 | 000,000,268 | ---- | M] () -- E:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/06/27 12:55:49 | 000,000,304 | -HS- | M] () -- E:\WINDOWS\tasks\igofhhdr.job
[2011/06/27 12:55:43 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2011/06/27 11:19:50 | 000,332,071 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\vvvv.flp
[2011/06/27 02:00:00 | 000,000,340 | ---- | M] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\System32\w3data.vss
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\System32\msvcsv60.dll
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\msocreg32.dat
[2011/06/26 09:46:59 | 000,000,832 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/06/26 09:46:36 | 000,000,898 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/06/26 09:46:36 | 000,000,880 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/06/26 09:45:21 | 000,000,829 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/06/26 09:03:38 | 004,295,472 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Kenji Kawai - Ghost In The Shell - Original Soundtrack - 01 - M01 Making of Cyborg (Chant I).MP3
[2011/06/25 19:54:48 | 000,930,517 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\jjjj.flp
[2011/06/25 13:24:28 | 000,296,070 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\gggggggg.flp
[2011/06/25 10:11:00 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 12:58:55 | 000,173,470 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\fast one.flp
[2011/06/23 16:16:47 | 000,000,098 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/23 16:08:10 | 000,592,045 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\verynice1.flp
[2011/06/23 15:10:59 | 000,000,939 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 14:48:08 | 000,002,283 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Google Chrome.lnk
[2011/06/23 14:48:08 | 000,002,261 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/21 03:04:17 | 000,432,356 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2011/06/21 03:04:17 | 000,067,312 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2011/06/20 19:43:56 | 000,001,772 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
[2011/06/20 19:43:56 | 000,001,754 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Xilisoft DVD Creator 6.lnk
[2011/06/20 13:10:54 | 000,507,644 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\ccc.flp
[2011/06/20 09:38:24 | 000,000,702 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 08:49:37 | 000,126,976 | RHS- | M] () -- E:\WINDOWS\System32\vbisurfn.dll
[2011/06/16 11:49:34 | 000,000,854 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Adobe Photoshop CS5.1.lnk
[2011/06/15 11:44:18 | 000,183,157 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Itinerary.pdf
[2011/06/14 18:06:49 | 000,000,872 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 2010.lnk
[2011/06/14 17:41:49 | 000,034,308 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/06/06 14:32:51 | 000,000,354 | ---- | M] () -- E:\WINDOWS\System32\q3p20qj.tgz
[2011/06/06 14:32:50 | 000,000,114 | ---- | M] () -- E:\WINDOWS\System32\prsgrc.tgz
[2011/06/06 14:32:50 | 000,000,100 | ---- | M] () -- E:\WINDOWS\System32\prsgrc.dll
[2011/06/06 14:32:50 | 000,000,086 | ---- | M] () -- E:\WINDOWS\System32\ssprs.tgz
[2011/06/05 19:56:31 | 000,389,217 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Allen Carr-Easy Way To Stop Smoking.pdf
[2011/06/03 11:51:31 | 000,000,688 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.1.lnk

========== Files Created - No Company Name ==========

[2011/06/27 14:49:17 | 000,311,885 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\aaa.flp
[2011/06/27 12:41:54 | 000,308,350 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\gg.flp
[2011/06/26 12:04:14 | 000,332,071 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\vvvv.flp
[2011/06/26 10:00:45 | 000,225,262 | ---- | C] () -- E:\WINDOWS\System32\dllcache\msimain.sdb
[2011/06/26 09:46:59 | 000,000,832 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/06/26 09:46:52 | 000,000,268 | ---- | C] () -- E:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/06/26 09:46:36 | 000,000,898 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/06/26 09:46:36 | 000,000,880 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/06/26 09:46:03 | 000,000,278 | ---- | C] () -- E:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/26 09:45:23 | 000,029,520 | ---- | C] () -- E:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/26 09:45:22 | 000,013,496 | ---- | C] () -- E:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/26 09:45:21 | 000,000,829 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/06/26 09:00:33 | 004,295,472 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Kenji Kawai - Ghost In The Shell - Original Soundtrack - 01 - M01 Making of Cyborg (Chant I).MP3
[2011/06/25 14:53:01 | 000,930,517 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\jjjj.flp
[2011/06/24 20:57:02 | 000,296,070 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\gggggggg.flp
[2011/06/23 15:10:59 | 000,000,939 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 14:48:08 | 000,002,283 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Google Chrome.lnk
[2011/06/23 14:48:08 | 000,002,261 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/23 14:47:17 | 000,000,974 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
[2011/06/23 14:47:17 | 000,000,922 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
[2011/06/22 19:47:18 | 000,592,045 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\verynice1.flp
[2011/06/21 20:31:59 | 000,000,340 | ---- | C] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
[2011/06/21 20:07:19 | 000,000,860 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/06/21 13:18:14 | 000,173,470 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\fast one.flp
[2011/06/20 19:43:56 | 000,001,772 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
[2011/06/20 19:43:56 | 000,001,754 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Xilisoft DVD Creator 6.lnk
[2011/06/20 09:38:24 | 000,000,702 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 12:13:25 | 000,507,644 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\ccc.flp
[2011/06/17 08:49:37 | 000,126,976 | RHS- | C] () -- E:\WINDOWS\System32\vbisurfn.dll
[2011/06/17 08:49:37 | 000,000,304 | -HS- | C] () -- E:\WINDOWS\tasks\igofhhdr.job
[2011/06/15 11:44:18 | 000,183,157 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Itinerary.pdf
[2011/06/14 18:06:49 | 000,000,872 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 2010.lnk
[2011/06/14 17:37:40 | 000,034,308 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/06/05 20:03:18 | 000,389,217 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Allen Carr-Easy Way To Stop Smoking.pdf
[2011/06/03 11:51:31 | 000,000,688 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.1.lnk
[2011/05/27 16:47:25 | 000,000,132 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Adobe PNG Format CS5 Prefs
[2011/05/20 20:32:57 | 000,000,016 | ---- | C] () -- E:\WINDOWS\Wininit.ini
[2011/05/20 20:32:50 | 000,035,328 | ---- | C] () -- E:\WINDOWS\INETWH32.DLL
[2011/05/20 20:32:50 | 000,009,136 | ---- | C] () -- E:\WINDOWS\INETWH16.DLL
[2011/05/20 20:32:50 | 000,004,528 | ---- | C] () -- E:\WINDOWS\SETBROWS.EXE
[2011/05/20 20:19:13 | 000,002,791 | ---- | C] () -- E:\WINDOWS\BlacBox2.INI
[2011/02/14 20:25:24 | 000,000,016 | ---- | C] () -- E:\WINDOWS\System32\msvcsv60.dll
[2011/02/14 20:25:24 | 000,000,016 | ---- | C] () -- E:\WINDOWS\msocreg32.dat
[2010/06/08 17:52:47 | 000,000,066 | ---- | C] () -- E:\WINDOWS\Ahead DVD Ripper.INI
[2010/05/22 22:15:20 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonfe.ini
[2010/05/17 16:32:31 | 000,111,932 | ---- | C] () -- E:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/17 16:32:31 | 000,031,053 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/17 16:32:31 | 000,027,417 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/17 16:32:31 | 000,026,154 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern1.dat
[2010/05/17 16:32:31 | 000,024,903 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/17 16:32:31 | 000,021,390 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/17 16:32:31 | 000,020,148 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/17 16:32:31 | 000,011,811 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/17 16:32:31 | 000,004,943 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/17 16:32:31 | 000,001,146 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/17 16:32:31 | 000,001,139 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/17 16:32:31 | 000,001,139 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/17 16:32:31 | 000,001,136 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/17 16:32:31 | 000,001,129 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/17 16:32:31 | 000,001,129 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/17 16:32:31 | 000,001,120 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/17 16:32:31 | 000,001,107 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/17 16:32:31 | 000,001,104 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/17 16:32:31 | 000,000,097 | ---- | C] () -- E:\WINDOWS\System32\PICSDK.ini
[2010/03/26 13:29:46 | 000,000,028 | ---- | C] () -- E:\WINDOWS\System32\autoscan.dll
[2010/03/19 11:31:36 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonmn.ini
[2010/03/19 11:31:36 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonjm.ini
[2010/03/13 12:57:33 | 000,002,892 | ---- | C] () -- E:\WINDOWS\System32\audcon.sys
[2010/03/13 12:57:16 | 000,000,045 | ---- | C] () -- E:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/03/13 12:57:15 | 000,086,016 | ---- | C] () -- E:\WINDOWS\System32\SYNSOPOS.exe
[2009/10/27 16:11:12 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonlh.ini
[2009/10/27 16:11:12 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggoneg.ini
[2009/09/02 08:37:12 | 000,514,016 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\f789f2056a146661cc1c1dffd88320ff-i686.cache-2
[2009/08/25 12:19:24 | 000,000,412 | ---- | C] () -- E:\WINDOWS\AoADVDRipper.INI
[2009/08/04 21:58:39 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\sslibkh.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssolekuy.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssoleht.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssolefw.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\solegeh.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\slibgs.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\slibfg.dll
[2009/07/25 09:29:37 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
[2009/07/11 17:06:36 | 000,000,604 | ---- | C] () -- E:\Documents and Settings\Troy\Local Settings\Application Data\Notes.stt
[2009/07/11 17:06:36 | 000,000,117 | ---- | C] () -- E:\Documents and Settings\Troy\Local Settings\Application Data\Reminders.stt
[2009/06/20 15:47:51 | 000,002,240 | ---- | C] () -- E:\WINDOWS\LENDIG.sys
[2009/06/18 16:55:58 | 000,121,344 | ---- | C] () -- E:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/18 12:57:40 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonnd.ini
[2009/06/18 12:54:40 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonha.ini
[2009/06/18 12:54:40 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonad.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonoe.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonmi.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonif.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggondi.ini
[2009/06/18 01:18:53 | 000,165,376 | ---- | C] () -- E:\Program Files\UNWISE.EXE
[2009/06/18 01:18:53 | 000,000,058 | ---- | C] () -- E:\Program Files\Native Instruments Homepage.url
[2009/06/17 21:40:12 | 000,000,008 | ---- | C] () -- E:\WINDOWS\System32\nvModes.dat
[2009/06/09 06:35:39 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2009/06/09 06:28:43 | 000,004,984 | ---- | C] () -- E:\WINDOWS\System32\drivers\nvphy.bin
[2009/06/08 22:53:50 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2009/06/08 22:51:00 | 003,431,136 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/08 14:33:04 | 000,040,960 | ---- | C] () -- E:\WINDOWS\System32\ChCfg.exe
[2009/06/08 14:33:04 | 000,000,164 | ---- | C] () -- E:\WINDOWS\avrack.ini
[2009/06/08 14:14:15 | 000,147,456 | R--- | C] () -- E:\WINDOWS\System32\RTLCPAPI.dll
[2009/06/08 13:05:06 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2009/06/08 12:59:47 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2009/05/01 00:31:10 | 001,657,376 | ---- | C] () -- E:\WINDOWS\System32\nwiz.exe
[2009/05/01 00:31:08 | 000,449,056 | ---- | C] () -- E:\WINDOWS\System32\nvappbar.exe
[2009/05/01 00:31:08 | 000,436,768 | ---- | C] () -- E:\WINDOWS\System32\keystone.exe
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- E:\WINDOWS\System32\nvdata.bin
[2009/03/28 00:03:00 | 001,346,080 | ---- | C] () -- E:\WINDOWS\System32\nvdspsch.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- E:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\v2gyt5w.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth2.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth1.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\clauth2.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\clauth1.dll
[2004/08/04 00:56:44 | 000,000,340 | ---- | C] () -- E:\WINDOWS\System32\q3p20qj.dll
[2004/08/04 00:56:44 | 000,000,100 | ---- | C] () -- E:\WINDOWS\System32\prsgrc.dll
[2004/08/04 00:56:44 | 000,000,072 | ---- | C] () -- E:\WINDOWS\System32\ssprs.dll
[2004/08/04 00:56:44 | 000,000,016 | -H-- | C] () -- E:\WINDOWS\System32\gyyo050.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
[2003/10/09 05:18:10 | 000,143,360 | ---- | C] () -- E:\WINDOWS\System32\mafwTray.exe
[2003/10/09 05:18:10 | 000,013,824 | ---- | C] () -- E:\WINDOWS\System32\mafwpnl.dll
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
[2001/08/23 22:00:00 | 000,432,356 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2001/08/23 22:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2001/08/23 22:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
[2001/08/23 22:00:00 | 000,067,312 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2001/08/23 22:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
[2001/08/23 22:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
[2001/08/23 22:00:00 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/12 18:22:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ArtsAcoustic
[2009/06/17 23:31:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ashampoo
[2011/02/17 22:19:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Audio Damage
[2011/02/11 07:44:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/04 14:21:14 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\Common Files
[2010/03/13 13:39:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\eLicenser
[2011/06/26 10:02:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\IObit
[2009/06/18 01:09:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\iZotope
[2011/02/10 22:35:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/24 14:43:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/18 19:27:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Note
[2011/03/06 20:38:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PageshotsPro
[2010/05/18 17:53:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Panasonic
[2011/01/18 19:01:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PreSonus
[2009/08/02 14:06:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/05/21 15:20:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Redfield
[2011/06/21 20:17:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/26 08:59:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Soulseek
[2011/06/26 09:58:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Spectrasonics
[2010/03/13 12:57:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/07/31 17:02:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\System Doctor
[2010/06/09 18:49:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/08 11:02:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/05/24 23:14:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\VertusTech
[2009/06/18 12:53:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Wave Arts
[2011/06/14 18:00:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/14 17:38:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Ashampoo
[2011/01/04 14:23:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\AVG10
[2009/06/18 11:02:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\BitZipper
[2010/05/18 15:06:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\DAEMON Tools Pro
[2011/06/25 12:20:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\FabFilter
[2009/06/18 09:36:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\ImgBurn
[2011/06/27 13:07:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\IObit
[2011/06/10 11:13:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\iZotope
[2011/02/12 18:57:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\jziptoolbar
[2011/02/11 15:05:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Leadertech
[2011/06/24 11:46:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\NCH Swift Sound
[2009/06/09 08:35:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\OpenOffice.org
[2011/01/18 19:01:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\PreSonus
[2009/08/02 14:24:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Propellerhead Software
[2011/05/24 20:29:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/05 16:19:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Stellarium
[2010/07/31 17:03:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\System Doctor
[2010/07/08 11:02:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\TuneUp Software
[2011/05/24 18:12:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Ultra Fractal 4
[2011/06/26 00:10:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\uTorrent
[2010/03/17 11:35:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Waldorf
[2009/08/05 18:21:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Waves Audio
[2011/06/14 09:08:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Xilisoft
[2011/05/23 19:38:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Troy\Application Data\Xilisoft Corporation
[2011/06/27 13:01:57 | 000,000,268 | ---- | M] () -- E:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/06/27 12:55:49 | 000,000,304 | -HS- | M] () -- E:\WINDOWS\Tasks\igofhhdr.job
[2011/06/27 13:50:54 | 000,000,278 | ---- | M] () -- E:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 134 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:FB198ECA
@Alternate Data Stream - 129 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 125 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by sonicpulse, 27 June 2011 - 12:17 AM.

#2
RKinner

    Malware Expert
Uninstall:
SUPERAntiSpyware
IObit Malware Fighter
Advanced SystemCare 4
Conduit Engine
uTorrent


Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
[2011/06/15 16:49:48 | 000,000,000 | ---D | M] (Conduit Engine) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]
[2011/05/25 16:15:26 | 000,000,923 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O20 - AppInit_DLLs: (E:\PROGRA~1\WINDOW~3\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (E:\PROGRA~1\WINDOW~3\Datamngr\IEBHO.dll) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O33 - MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{7399548e-d766-11df-a840-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{7399548e-d766-11df-a840-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7399548e-d766-11df-a840-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\1\Command - "" = RUNAUT~1\autorun.pif
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\2\Command - "" = RUNAUT~1\autorun.pif
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
O33 - MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
[2011/06/14 17:37:40 | 000,034,308 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/06/17 08:49:37 | 000,126,976 | RHS- | C] () -- E:\WINDOWS\System32\vbisurfn.dll
[2011/06/27 13:01:57 | 000,000,268 | ---- | M] () -- E:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/06/27 12:55:49 | 000,000,304 | -HS- | M] () -- E:\WINDOWS\Tasks\igofhhdr.job
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\v2gyt5w.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth2.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\grcauth1.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\clauth2.dll
[2004/08/04 00:56:44 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\clauth1.dll
[2004/08/04 00:56:44 | 000,000,340 | ---- | C] () -- E:\WINDOWS\System32\q3p20qj.dll
[2004/08/04 00:56:44 | 000,000,100 | ---- | C] () -- E:\WINDOWS\System32\prsgrc.dll
[2004/08/04 00:56:44 | 000,000,072 | ---- | C] () -- E:\WINDOWS\System32\ssprs.dll
[2004/08/04 00:56:44 | 000,000,016 | -H-- | C] () -- E:\WINDOWS\System32\gyyo050.dll

:files
E:\WINDOWS\W32PT.dll.vbs
E:\Documents and Settings\Troy\Application Data\AVG10
E:\Documents and Settings\All Users\Application Data\AVG10
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your antivirus at this time.

Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Ron
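
The triage Ron did by hand above (hidden+system files under System32 and Tasks, MountPoints2 autorun handlers that hand wscript.exe a .vbs or launch a .pif, the orphaned AppInit_DLLs entries, a DLL dropped under Application Data), as an added Python example that is not part of the original thread and is not OTL's own code. The regexes are written against the line shapes visible in the log on this page rather than against a published OTL specification, the flagging heuristics are this example's assumptions, and the sample lines are copied from the log and fix script above.

```python
import re
from dataclasses import dataclass

# Entry shapes found in an OTL log (OldTimer's OTL). The regexes are
# written against the lines on this page, not against a published spec.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<cm>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell(?:\\(?P<sub>.+?))? - "" = (?P<cmd>.*)$'
)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>.+?)\) - (?P<status>.*)$")

# Things an autorun handler on a removable volume should never hand to ShellExec.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", ".vbs", ".pif", ".js", ".bat", ".cmd")
PE_EXTS = ("dll", "exe", "sys", "job")


@dataclass(frozen=True)
class Finding:
    kind: str    # "file", "autorun" or "appinit"
    target: str  # file path, MountPoints2 volume, or injected DLL
    reason: str
    raw: str     # the OTL line verbatim, so it can be pasted into an :OTL fix


def _flag_file(m, raw):
    attrs, path = m["attrs"], m["path"]
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    parts = name.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    # Hidden + System on an executable or a scheduled task is how the
    # vbisurfn.dll / igofhhdr.job pair in the log hides from Explorer.
    if "H" in attrs and "S" in attrs and ext in PE_EXTS:
        reasons.append("hidden+system " + ext)
    # A bare DLL dropped in a data directory has no installer behind it (assumption).
    if ext == "dll" and "\\application data\\" in low:
        reasons.append("DLL dropped under Application Data")
    # name.dll.vbs style double extensions dress a script up as a library.
    if len(parts) > 2 and ext in ("vbs", "pif", "js"):
        reasons.append("double extension ending in ." + ext)
    return Finding("file", path, "; ".join(reasons), raw) if reasons else None


def _flag_autorun(m, raw):
    sub = (m["sub"] or "").lower()
    cmd = m["cmd"].lower()
    if not sub.endswith("command"):
        return None  # the Shell and Shell\AutoRun verbs carry no executable
    hit = next((t for t in SCRIPT_HOSTS if t in cmd), None)
    if hit is None:
        return None
    return Finding("autorun", m["volume"], "autorun handler launches " + hit, raw)


def _flag_appinit(m, raw):
    # Any AppInit_DLLs entry is loaded into every process that maps user32;
    # an orphan ("File not found") still belongs in the fix so it cannot return.
    return Finding("appinit", m["dll"], "AppInit_DLLs injection (" + m["status"] + ")", raw)


def triage(log_text):
    """Return the suspicious entries from OTL log text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        for pattern, flag in ((FILE_RE, _flag_file), (O33_RE, _flag_autorun), (O20_RE, _flag_appinit)):
            m = pattern.match(raw)
            if m:
                f = flag(m, raw)
                if f:
                    findings.append(f)
                break
    return findings


def build_fix_script(findings):
    """Render findings in the :OTL / :Commands layout used in the fix above."""
    return "\n".join([":OTL"] + [f.raw for f in findings] + ["", ":Commands", "[Reboot]"])


# Constructed sample: lines copied from the OTL log and fix script on this page.
SAMPLE_LINES = r"""
[2011/06/17 08:49:37 | 000,126,976 | RHS- | C] () -- E:\WINDOWS\System32\vbisurfn.dll
[2011/06/17 08:49:37 | 000,000,304 | -HS- | C] () -- E:\WINDOWS\tasks\igofhhdr.job
[2011/06/14 17:37:40 | 000,034,308 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/06/26 09:45:22 | 000,013,496 | ---- | C] () -- E:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2009/06/08 13:05:06 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2010/07/31 17:02:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\System Doctor
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\Shell\AutoRun\command - "" = E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs
O33 - MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\Shell\1\Command - "" = RUNAUT~1\autorun.pif
O20 - AppInit_DLLs: (E:\PROGRA~1\WINDOW~3\Datamngr\datamngr.dll) - File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:8} {f.reason:45} {f.target}")
    print()
    print(build_fix_script(triage(SAMPLE_LINES)))
```

The heuristics deliberately stay narrow: a signed driver with normal attributes (SmartDefragDriver.sys) and a system file with only the System bit (bootstat.dat) pass through, while the hidden+system pair, the Application Data DLL, both autorun handlers and the AppInit_DLLs entry come out in the order they appeared, ready to be pasted under :OTL. Whether a flagged entry is actually malicious still needs a human, which is why the output is a candidate list rather than a fix that runs itself.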

#3
sonicpulse

    Member
  • Topic Starter
Hi Ron, thanks very much for the reply, I really appreciate it...

I have uninstalled all of the programs you asked me to and gone through all of the steps you outlined..

Already my computer is booting up straight away again!

Everything went smoothly except for one little hiccup when I ran ComboFix..after the scan started a message popped up saying that my AVG Free was active and to please disable it...however it's not installed on my computer anymore (it had been until recently, but I uninstalled it a few days ago)...so I just clicked OK, continue anyway, and it completed its scan...

Here is the first OTL log generated after inserting the text you gave me...




========== OTL ==========
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: [email protected]:3.2.5.2 removed from extensions.enabledItems
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\searchplugin folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\META-INF folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\lib folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\DualPackage folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\defaults folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\components folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected]\chrome folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\[email protected] folder moved successfully.
E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File E:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File E:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:E:\PROGRA~1\WINDOW~3\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:E:\PROGRA~1\WINDOW~3\Datamngr\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004b3f73-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004b3f73-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004b3f73-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004b3f73-95dc-11de-a6c5-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004b3f74-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004b3f74-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004b3f74-95dc-11de-a6c5-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004b3f74-95dc-11de-a6c5-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40728aa4-0a8c-11e0-a86d-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40728aa4-0a8c-11e0-a86d-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40728aa4-0a8c-11e0-a86d-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40728aa4-0a8c-11e0-a86d-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7399548e-d766-11df-a840-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7399548e-d766-11df-a840-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7399548e-d766-11df-a840-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7399548e-d766-11df-a840-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7399548e-d766-11df-a840-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7399548e-d766-11df-a840-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e030862-5b33-11de-9e75-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e030862-5b33-11de-9e75-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e030862-5b33-11de-9e75-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e030862-5b33-11de-9e75-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f64555e-c2b0-11df-a833-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f64555e-c2b0-11df-a833-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f64555e-c2b0-11df-a833-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f64555e-c2b0-11df-a833-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85e8d6da-9b2d-11de-a6d3-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85e8d6da-9b2d-11de-a6d3-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e8d6da-9b2d-11de-a6d3-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85e8d6da-9b2d-11de-a6d3-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
File RUNAUT~1\autorun.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
File RUNAUT~1\autorun.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c18256-9b06-11de-a6d2-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2a90220-be0a-11de-a717-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2a90220-be0a-11de-a717-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2a90220-be0a-11de-a717-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2a90220-be0a-11de-a717-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c34a905e-d282-11de-a734-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c34a905e-d282-11de-a734-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c34a905e-d282-11de-a734-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c34a905e-d282-11de-a734-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc5c31ed-69e1-11de-a65f-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc5c31ed-69e1-11de-a65f-044b80808003}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc5c31ed-69e1-11de-a65f-044b80808003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc5c31ed-69e1-11de-a65f-044b80808003}\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe W32PT.dll.vbs not found.
E:\Documents and Settings\All Users\Application Data\mazuki.dll moved successfully.
E:\WINDOWS\system32\vbisurfn.dll moved successfully.
E:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job moved successfully.
E:\WINDOWS\Tasks\igofhhdr.job moved successfully.
E:\WINDOWS\system32\dcache.bin moved successfully.
E:\WINDOWS\system32\v2gyt5w.dll moved successfully.
E:\WINDOWS\system32\grcauth2.dll moved successfully.
E:\WINDOWS\system32\grcauth1.dll moved successfully.
E:\WINDOWS\system32\clauth2.dll moved successfully.
E:\WINDOWS\system32\clauth1.dll moved successfully.
E:\WINDOWS\system32\q3p20qj.dll moved successfully.
E:\WINDOWS\system32\prsgrc.dll moved successfully.
E:\WINDOWS\system32\ssprs.dll moved successfully.
E:\WINDOWS\system32\gyyo050.dll moved successfully.
========== FILES ==========
File\Folder E:\WINDOWS\W32PT.dll.vbs not found.
E:\Documents and Settings\Troy\Application Data\AVG10\cfgall folder moved successfully.
E:\Documents and Settings\Troy\Application Data\AVG10 folder moved successfully.
E:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
E:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
========== COMMANDS ==========
E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_174234

Edited by sonicpulse, 28 June 2011 - 04:19 AM.

#4 sonicpulse (Topic Starter, Member, 14 posts)
Here are the two OTL logs generated after doing the scan...

OTL logfile created on: 28/06/2011 5:57:18 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = E:\Documents and Settings\Troy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 602.41 Mb Available Physical Memory | 58.86% Memory free
2.90 Gb Paging File | 2.64 Gb Available in Paging File | 90.89% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 111.79 Gb Total Space | 100.49 Gb Free Space | 89.90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 104.01 Gb Total Space | 13.23 Gb Free Space | 12.72% Space Free | Partition Type: NTFS
Drive F: | 361.75 Gb Total Space | 34.20 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 2.05 Gb Free Space | 0.22% Space Free | Partition Type: NTFS

Computer Name: TROY | User Name: Troy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 15:48:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
PRC - [2011/06/24 20:06:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/08 20:19:24 | 001,583,960 | ---- | M] (IObit) -- E:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 15:48:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/05/18 15:54:57 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/17 22:24:15 | 000,092,544 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\deltafw.sys -- (DELTAFW)
DRV - [2009/06/17 22:24:15 | 000,013,312 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mafwboot.sys -- (MAFWBOOT) Bootloader Service for M-Audio FW Driver (WDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/05/06 16:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/24 16:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/10/28 06:46:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2005/10/27 20:46:44 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/09/30 03:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 22:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 23:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yoower.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.jzip.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/06/24 20:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/02/12 17:38:12 | 000,000,000 | ---D | M]

[2009/06/09 06:35:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Extensions
[2011/06/24 21:20:43 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions
[2009/09/02 09:22:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 19:26:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/24 21:20:40 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011/06/24 21:20:41 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/06/24 21:20:43 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2009/06/23 19:26:18 | 000,001,632 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\live-search.xml
[2009/07/11 10:56:50 | 000,001,196 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\searchplugins\winamp-search.xml
[2011/03/06 20:38:43 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/24 20:06:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/06 20:38:17 | 000,002,050 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchdesktop.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/28 17:42:35 | 000,000,098 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O15 - HKCU\..Trusted Domains: msn.com ([www] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244489369402 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 17:42:34 | 000,000,000 | ---D | C] -- E:\_OTL
[2011/06/27 15:48:12 | 000,579,072 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
[2011/06/27 13:52:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\smart defrag 2
[2011/06/27 11:33:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\IObit
[2011/06/27 11:27:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Local Settings\Application Data\MyAshampoo
[2011/06/27 11:23:47 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Troy\Recent
[2011/06/26 18:17:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\Metaphorical Cloud - Morphing - MP3 320
[2011/06/26 09:59:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\winrm
[2011/06/26 09:59:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\WindowsPowerShell
[2011/06/26 09:59:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\GroupPolicy
[2011/06/26 09:59:38 | 000,000,000 | -H-D | C] -- E:\WINDOWS\$968930Uinstall_KB968930$
[2011/06/26 09:46:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\IObit
[2011/06/26 09:45:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/06/26 09:45:19 | 000,000,000 | ---D | C] -- E:\Program Files\IObit
[2011/06/26 09:16:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\pss
[2011/06/25 18:46:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\Tone2.VST.Bundle.Suite.Various.Crack.Teams
[2011/06/24 11:46:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\NCH Swift Sound
[2011/06/23 16:16:45 | 000,000,000 | ---D | C] -- E:\_OTM
[2011/06/23 16:14:52 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2011/06/23 15:54:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Sonnox Plugins
[2011/06/23 15:54:48 | 000,000,000 | ---D | C] -- E:\Program Files\Sonnox
[2011/06/23 15:10:59 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 15:10:55 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2011/06/23 14:48:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Start Menu\Programs\Google Chrome
[2011/06/23 13:20:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Local Settings\Application Data\MediaGet2
[2011/06/21 02:48:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Desktop\gate-sp-00
[2011/06/20 19:43:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Xilisoft
[2011/06/20 09:38:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/20 09:38:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/20 09:38:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2011/06/20 09:38:17 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/06/18 10:11:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\MyAshampoo
[2011/06/17 07:08:12 | 000,105,472 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 18:06:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2011/06/14 18:06:40 | 000,000,000 | ---D | C] -- E:\Program Files\Ashampoo
[2011/06/14 18:00:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/14 09:08:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Local Settings\Application Data\Xilisoft
[2011/06/14 09:08:00 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\Xilisoft
[2011/06/12 19:45:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\My Documents\Soulseek Chat Logs
[2011/06/10 11:13:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\Application Data\iZotope
[2011/06/10 11:06:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Troy\My Documents\iZotope Nectar
[2011/06/10 11:06:48 | 000,000,000 | ---D | C] -- E:\Program Files\iZotope
[2011/06/03 11:51:31 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.1
[2011/06/03 11:43:13 | 000,000,000 | ---D | C] -- E:\Program Files\coolpro2

========== Files - Modified Within 30 Days ==========

[2011/06/28 17:52:00 | 000,000,974 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
[2011/06/28 17:44:18 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2011/06/28 17:44:09 | 000,215,383 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml
[2011/06/28 17:44:06 | 000,000,278 | ---- | M] () -- E:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/28 17:43:59 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2011/06/28 17:42:35 | 000,000,098 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/28 14:52:00 | 000,000,922 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
[2011/06/28 09:24:21 | 000,178,391 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\16_abberack_800.jpg
[2011/06/28 09:23:32 | 000,359,269 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\01_cylathorn_800.jpg
[2011/06/28 09:19:23 | 000,085,411 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\DSC00087_800.jpg
[2011/06/27 17:09:18 | 000,530,688 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\aaa.flp
[2011/06/27 15:48:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Troy\Desktop\OTL.exe
[2011/06/27 15:30:04 | 000,308,350 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\gg.flp
[2011/06/27 11:19:50 | 000,332,071 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\vvvv.flp
[2011/06/27 02:00:00 | 000,000,340 | ---- | M] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\System32\w3data.vss
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\System32\msvcsv60.dll
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\msocreg32.dat
[2011/06/26 09:45:21 | 000,000,829 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/06/26 09:03:38 | 004,295,472 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Kenji Kawai - Ghost In The Shell - Original Soundtrack - 01 - M01 Making of Cyborg (Chant I).MP3
[2011/06/25 19:54:48 | 000,930,517 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\jjjj.flp
[2011/06/25 13:24:28 | 000,296,070 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\gggggggg.flp
[2011/06/25 10:11:00 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 12:58:55 | 000,173,470 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\fast one.flp
[2011/06/23 16:08:10 | 000,592,045 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\verynice1.flp
[2011/06/23 15:10:59 | 000,000,939 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 14:48:08 | 000,002,283 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Google Chrome.lnk
[2011/06/23 14:48:08 | 000,002,261 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/21 03:04:17 | 000,432,356 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2011/06/21 03:04:17 | 000,067,312 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2011/06/20 19:43:56 | 000,001,772 | ---- | M] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
[2011/06/20 19:43:56 | 000,001,754 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Xilisoft DVD Creator 6.lnk
[2011/06/20 13:10:54 | 000,507,644 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\ccc.flp
[2011/06/20 09:38:24 | 000,000,702 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 11:49:34 | 000,000,854 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Adobe Photoshop CS5.1.lnk
[2011/06/15 11:44:18 | 000,183,157 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Itinerary.pdf
[2011/06/14 18:06:49 | 000,000,872 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 2010.lnk
[2011/06/06 14:32:51 | 000,000,354 | ---- | M] () -- E:\WINDOWS\System32\q3p20qj.tgz
[2011/06/06 14:32:50 | 000,000,114 | ---- | M] () -- E:\WINDOWS\System32\prsgrc.tgz
[2011/06/06 14:32:50 | 000,000,086 | ---- | M] () -- E:\WINDOWS\System32\ssprs.tgz
[2011/06/05 19:56:31 | 000,389,217 | ---- | M] () -- E:\Documents and Settings\Troy\Desktop\Allen Carr-Easy Way To Stop Smoking.pdf
[2011/06/03 11:51:31 | 000,000,688 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.1.lnk
[2011/05/31 08:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2011/06/28 09:24:21 | 000,178,391 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\16_abberack_800.jpg
[2011/06/28 09:23:32 | 000,359,269 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\01_cylathorn_800.jpg
[2011/06/28 09:19:22 | 000,085,411 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\DSC00087_800.jpg
[2011/06/27 14:49:17 | 000,530,688 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\aaa.flp
[2011/06/27 12:41:54 | 000,308,350 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\gg.flp
[2011/06/26 12:04:14 | 000,332,071 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\vvvv.flp
[2011/06/26 10:00:45 | 000,225,262 | ---- | C] () -- E:\WINDOWS\System32\dllcache\msimain.sdb
[2011/06/26 09:46:03 | 000,000,278 | ---- | C] () -- E:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/26 09:45:23 | 000,029,520 | ---- | C] () -- E:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/26 09:45:22 | 000,013,496 | ---- | C] () -- E:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/26 09:45:21 | 000,000,829 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/06/26 09:00:33 | 004,295,472 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Kenji Kawai - Ghost In The Shell - Original Soundtrack - 01 - M01 Making of Cyborg (Chant I).MP3
[2011/06/25 14:53:01 | 000,930,517 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\jjjj.flp
[2011/06/24 20:57:02 | 000,296,070 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\gggggggg.flp
[2011/06/23 15:10:59 | 000,000,939 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 14:48:08 | 000,002,283 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Google Chrome.lnk
[2011/06/23 14:48:08 | 000,002,261 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/23 14:47:17 | 000,000,974 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
[2011/06/23 14:47:17 | 000,000,922 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
[2011/06/22 19:47:18 | 000,592,045 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\verynice1.flp
[2011/06/21 20:31:59 | 000,000,340 | ---- | C] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
[2011/06/21 20:07:19 | 000,000,860 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/06/21 13:18:14 | 000,173,470 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\fast one.flp
[2011/06/20 19:43:56 | 000,001,772 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
[2011/06/20 19:43:56 | 000,001,754 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Xilisoft DVD Creator 6.lnk
[2011/06/20 09:38:24 | 000,000,702 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 12:13:25 | 000,507,644 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\ccc.flp
[2011/06/15 11:44:18 | 000,183,157 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Itinerary.pdf
[2011/06/14 18:06:49 | 000,000,872 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 2010.lnk
[2011/06/05 20:03:18 | 000,389,217 | ---- | C] () -- E:\Documents and Settings\Troy\Desktop\Allen Carr-Easy Way To Stop Smoking.pdf
[2011/06/03 11:51:31 | 000,000,688 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.1.lnk
[2011/05/27 16:47:25 | 000,000,132 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\Adobe PNG Format CS5 Prefs
[2011/05/20 20:32:57 | 000,000,016 | ---- | C] () -- E:\WINDOWS\Wininit.ini
[2011/05/20 20:32:50 | 000,035,328 | ---- | C] () -- E:\WINDOWS\INETWH32.DLL
[2011/05/20 20:32:50 | 000,009,136 | ---- | C] () -- E:\WINDOWS\INETWH16.DLL
[2011/05/20 20:32:50 | 000,004,528 | ---- | C] () -- E:\WINDOWS\SETBROWS.EXE
[2011/05/20 20:19:13 | 000,002,791 | ---- | C] () -- E:\WINDOWS\BlacBox2.INI
[2011/02/14 20:25:24 | 000,000,016 | ---- | C] () -- E:\WINDOWS\System32\msvcsv60.dll
[2011/02/14 20:25:24 | 000,000,016 | ---- | C] () -- E:\WINDOWS\msocreg32.dat
[2010/06/08 17:52:47 | 000,000,066 | ---- | C] () -- E:\WINDOWS\Ahead DVD Ripper.INI
[2010/05/22 22:15:20 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonfe.ini
[2010/05/17 16:32:31 | 000,111,932 | ---- | C] () -- E:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/17 16:32:31 | 000,031,053 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/17 16:32:31 | 000,027,417 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/17 16:32:31 | 000,026,154 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern1.dat
[2010/05/17 16:32:31 | 000,024,903 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/17 16:32:31 | 000,021,390 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/17 16:32:31 | 000,020,148 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/17 16:32:31 | 000,011,811 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/17 16:32:31 | 000,004,943 | ---- | C] () -- E:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/17 16:32:31 | 000,001,146 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/17 16:32:31 | 000,001,139 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/17 16:32:31 | 000,001,139 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/17 16:32:31 | 000,001,136 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/17 16:32:31 | 000,001,129 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/17 16:32:31 | 000,001,129 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/17 16:32:31 | 000,001,120 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/17 16:32:31 | 000,001,107 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/17 16:32:31 | 000,001,104 | ---- | C] () -- E:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/17 16:32:31 | 000,000,097 | ---- | C] () -- E:\WINDOWS\System32\PICSDK.ini
[2010/03/26 13:29:46 | 000,000,028 | ---- | C] () -- E:\WINDOWS\System32\autoscan.dll
[2010/03/19 11:31:36 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonmn.ini
[2010/03/19 11:31:36 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonjm.ini
[2010/03/13 12:57:33 | 000,002,892 | ---- | C] () -- E:\WINDOWS\System32\audcon.sys
[2010/03/13 12:57:16 | 000,000,045 | ---- | C] () -- E:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/03/13 12:57:15 | 000,086,016 | ---- | C] () -- E:\WINDOWS\System32\SYNSOPOS.exe
[2009/10/27 16:11:12 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonlh.ini
[2009/10/27 16:11:12 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggoneg.ini
[2009/09/02 08:37:12 | 000,514,016 | ---- | C] () -- E:\Documents and Settings\Troy\Application Data\f789f2056a146661cc1c1dffd88320ff-i686.cache-2
[2009/08/25 12:19:24 | 000,000,412 | ---- | C] () -- E:\WINDOWS\AoADVDRipper.INI
[2009/08/04 21:58:39 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\sslibkh.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssolekuy.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssoleht.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssolefw.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\solegeh.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\slibgs.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\slibfg.dll
[2009/07/25 09:29:37 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
[2009/07/11 17:06:36 | 000,000,604 | ---- | C] () -- E:\Documents and Settings\Troy\Local Settings\Application Data\Notes.stt
[2009/07/11 17:06:36 | 000,000,117 | ---- | C] () -- E:\Documents and Settings\Troy\Local Settings\Application Data\Reminders.stt
[2009/06/20 15:47:51 | 000,002,240 | ---- | C] () -- E:\WINDOWS\LENDIG.sys
[2009/06/18 16:55:58 | 000,121,344 | ---- | C] () -- E:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/18 12:57:40 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonnd.ini
[2009/06/18 12:54:40 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonha.ini
[2009/06/18 12:54:40 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonad.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonoe.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonmi.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggonif.ini
[2009/06/18 11:39:55 | 000,000,005 | ---- | C] () -- E:\WINDOWS\obggondi.ini
[2009/06/18 01:18:53 | 000,165,376 | ---- | C] () -- E:\Program Files\UNWISE.EXE
[2009/06/18 01:18:53 | 000,000,058 | ---- | C] () -- E:\Program Files\Native Instruments Homepage.url
[2009/06/17 21:40:12 | 000,000,008 | ---- | C] () -- E:\WINDOWS\System32\nvModes.dat
[2009/06/09 06:35:39 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2009/06/09 06:28:43 | 000,004,984 | ---- | C] () -- E:\WINDOWS\System32\drivers\nvphy.bin
[2009/06/08 22:53:50 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2009/06/08 22:51:00 | 003,431,136 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/08 14:33:04 | 000,040,960 | ---- | C] () -- E:\WINDOWS\System32\ChCfg.exe
[2009/06/08 14:33:04 | 000,000,164 | ---- | C] () -- E:\WINDOWS\avrack.ini
[2009/06/08 14:14:15 | 000,147,456 | R--- | C] () -- E:\WINDOWS\System32\RTLCPAPI.dll
[2009/06/08 13:05:06 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2009/06/08 12:59:47 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2009/05/01 00:31:10 | 001,657,376 | ---- | C] () -- E:\WINDOWS\System32\nwiz.exe
[2009/05/01 00:31:08 | 000,449,056 | ---- | C] () -- E:\WINDOWS\System32\nvappbar.exe
[2009/05/01 00:31:08 | 000,436,768 | ---- | C] () -- E:\WINDOWS\System32\keystone.exe
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- E:\WINDOWS\System32\nvdata.bin
[2009/03/28 00:03:00 | 001,346,080 | ---- | C] () -- E:\WINDOWS\System32\nvdspsch.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- E:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
[2003/10/09 05:18:10 | 000,143,360 | ---- | C] () -- E:\WINDOWS\System32\mafwTray.exe
[2003/10/09 05:18:10 | 000,013,824 | ---- | C] () -- E:\WINDOWS\System32\mafwpnl.dll
[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
[2001/08/23 22:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
[2001/08/23 22:00:00 | 000,432,356 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2001/08/23 22:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2001/08/23 22:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
[2001/08/23 22:00:00 | 000,067,312 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2001/08/23 22:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
[2001/08/23 22:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
[2001/08/23 22:00:00 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 134 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:FB198ECA
@Alternate Data Stream - 129 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 125 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 28/06/2011 5:57:18 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = E:\Documents and Settings\Troy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 602.41 Mb Available Physical Memory | 58.86% Memory free
2.90 Gb Paging File | 2.64 Gb Available in Paging File | 90.89% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 111.79 Gb Total Space | 100.49 Gb Free Space | 89.90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 104.01 Gb Total Space | 13.23 Gb Free Space | 12.72% Space Free | Partition Type: NTFS
Drive F: | 361.75 Gb Total Space | 34.20 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 2.05 Gb Free Space | 0.22% Space Free | Partition Type: NTFS

Computer Name: TROY | User Name: Troy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\SoulseekNS\slsk.exe" = E:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aether" = 2C-Audio Aether
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"Atmosphere_is1" = Atmosphere
"BBE D82 Sonic Maximizer VST RTAS_is1" = BBE D82 Sonic Maximizer VST RTAS v2.0
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"dsbF1V1" = the flux collection
"EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
"eLicenser Control" = eLicenser Control
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FabFilter Pro-C VST RTAS_is1" = FabFilter Pro-C VST RTAS v1.1.1
"FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.0.1.6
"FabFilter Twin VSTi RTAS_is1" = FabFilter Twin VSTi RTAS v2.00
"FL Studio 8" = FL Studio 8
"FWDJ" = Firewire Audiophile 1.0.1.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iZotope Nectar_is1" = iZotope Nectar
"iZotope Ozone 3_is1" = iZotope Ozone 3
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ohmboyz VST2" = OhmForce Ohmboyz VST2
"Ohmicide VST" = Ohm Force - Ohmicide VST
"PageshotsPro_is1" = PageshotsPro 1.0.0
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Registry Mechanic_is1" = Registry Mechanic 7.0
"RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite." = RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite.
"Smart Defrag 2_is1" = Smart Defrag 2
"Sonik Synth 2" = Sonik Synth 2
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Soulseek2" = SoulSeek 157 NS 13c
"SPL Analog Code Transient Designer VST RTAS_is1" = SPL Analog Code Transient Designer VST RTAS v1.1
"SubBoomBass_is1" = Rob Papen SubBoomBass 1.0.3c
"Sylenth1_is1" = Sylenth1 v1.01.3
"The Matrix Trilogy" = The Matrix Trilogy Screensaver 0.45
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"Ultra Fractal 4.03" = Ultra Fractal 4.03
"VLC media player" = VLC media player 1.0.0
"Wave Arts Power Suite" = Wave Arts Power Suite
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/06/2011 7:38:25 PM | Computer Name = TROY | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module subboombass.dll,
version 0.1.0.3, fault address 0x00105ad0.

Error - 28/06/2011 12:11:23 AM | Computer Name = TROY | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 12.0.1.0, faulting module
adobeswfl.dll, version 2.0.0.7489, fault address 0x00013db9.

[ System Events ]
Error - 25/06/2011 10:20:14 AM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 25/06/2011 10:53:02 AM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 25/06/2011 7:06:17 PM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 25/06/2011 11:28:15 PM | Computer Name = TROY | Source = Service Control Manager | ID = 7034
Description = The Application Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/06/2011 7:17:00 PM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 26/06/2011 9:40:02 PM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 26/06/2011 10:56:01 PM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 27/06/2011 6:15:28 PM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 28/06/2011 3:27:44 AM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.

Error - 28/06/2011 3:44:17 AM | Computer Name = TROY | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet #2 : Has encountered an invalid
network address.


< End of report >
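Reading the file listings in an OTL report by eye is slow, so here is an added example (my own code, not part of OTL, ComboFix or anything posted in this thread) that parses entries in the exact line format shown above and applies three checks a responder would otherwise do by hand: loadable binaries under the Windows tree with no company name and an implausibly small size, groups of no-company files of identical size written within seconds of each other, and a hosts file touched shortly before the report. The thresholds (4096 bytes, a 2-second burst window, 7 days for the hosts check) are assumptions of mine, not anything OTL defines; the sample lines are a subset copied from the report above, plus one Alternate Data Stream line to show that non-matching lines are skipped.

```python
"""Triage heuristics for OTL file-listing lines (added example; not OTL's own code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One OTL file entry: [timestamp | size | attributes | M(odified)/C(reated)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

LOADABLE = (".dll", ".exe", ".sys", ".ocx", ".scr", ".drv")
TINY_BINARY = 4096                    # assumed: genuine PE files in System32 are rarely this small
BURST_WINDOW = timedelta(seconds=2)   # assumed: files written this close together were dropped together
HOSTS_RECENT = timedelta(days=7)      # assumed: a hosts edit this close to the report deserves a look

# Constructed sample: lines copied from the OTL report in this thread, plus one ADS line.
SAMPLE = r"""
[2011/06/28 17:52:00 | 000,000,974 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
[2011/06/28 17:42:35 | 000,000,098 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\System32\w3data.vss
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\System32\msvcsv60.dll
[2011/06/26 12:35:02 | 000,000,016 | ---- | M] () -- E:\WINDOWS\msocreg32.dat
[2011/05/31 08:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\mshtml.dll
[2009/08/04 21:58:39 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\sslibkh.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssolekuy.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssoleht.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\ssolefw.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\solegeh.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\slibgs.dll
[2009/08/04 21:58:38 | 000,002,756 | ---- | C] () -- E:\WINDOWS\System32\slibfg.dll
[2009/06/20 15:47:51 | 000,002,240 | ---- | C] () -- E:\WINDOWS\LENDIG.sys
[2009/06/08 14:14:15 | 000,147,456 | R--- | C] () -- E:\WINDOWS\System32\RTLCPAPI.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
@Alternate Data Stream - 200 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
"""


def parse_otl(text):
    """Parse OTL file-listing lines into dicts; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        folder, _, name = e["path"].rpartition("\\")
        e["dir"], e["name"] = folder.lower(), name
        entries.append(e)
    return entries


def in_windows_dir(e):
    return "\\windows" in e["dir"]


def flag_tiny_unsigned(entries):
    """Loadable binaries under the Windows tree with no company name and a size below TINY_BINARY."""
    return sorted(
        e["name"] for e in entries
        if in_windows_dir(e) and e["name"].lower().endswith(LOADABLE)
        and not e["company"] and e["size"] < TINY_BINARY
    )


def flag_bursts(entries, min_files=3):
    """(size, [names]) for >= min_files no-company files of identical size written within BURST_WINDOW."""
    by_size = defaultdict(list)
    for e in entries:
        if not e["company"]:
            by_size[e["size"]].append(e)
    bursts = []
    for size, group in by_size.items():
        group.sort(key=lambda e: e["ts"])
        cluster = [group[0]]
        for e in group[1:] + [None]:          # None acts as a sentinel to flush the last cluster
            if e is not None and e["ts"] - cluster[0]["ts"] <= BURST_WINDOW:
                cluster.append(e)
                continue
            if len(cluster) >= min_files:
                bursts.append((size, sorted(x["name"] for x in cluster)))
            if e is not None:
                cluster = [e]
    return sorted(bursts)


def flag_recent_hosts(entries):
    """Paths of hosts files modified within HOSTS_RECENT of the newest timestamp in the listing."""
    if not entries:
        return []
    newest = max(e["ts"] for e in entries)
    return [e["path"] for e in entries
            if e["name"].lower() == "hosts" and e["dir"].endswith("\\drivers\\etc")
            and newest - e["ts"] <= HOSTS_RECENT]


def triage(text):
    entries = parse_otl(text)
    return {
        "tiny_unsigned": flag_tiny_unsigned(entries),
        "bursts": flag_bursts(entries),
        "recent_hosts": flag_recent_hosts(entries),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE).items():
        print(f"{check}: {hits}")
```

On the sample above it reports msvcsv60.dll and the seven 2756-byte DLLs that were all created in the same second, and it notes the hosts file was modified fifteen minutes before the report. Five of those DLLs and msvcsv60.dll show up under "Other Deletions" in the ComboFix log posted later in this thread, but LENDIG.sys, slibgs.dll and slibfg.dll also fire and do not appear in that deletion list: the output is a list of files to look up and check, not a verdict.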

#5 sonicpulse (Topic Starter, Member, 14 posts)
I re-installed and updated the latest Malwarebytes like you said; here is the report generated after the scan...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6965

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/06/2011 6:12:34 PM
mbam-log-2011-06-28 (18-12-34).txt

Scan type: Quick scan
Objects scanned: 134405
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
sonicpulse

    Member

  • Topic Starter
  • Member
  • 14 posts
Here is the log generated after the scan with ComboFix...



ComboFix 11-06-27.03 - Troy 28/06/2011 18:35:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.591 [GMT 10:00]
Running from: e:\documents and settings\Troy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Troy\WINDOWS
e:\windows\system32\msvcsv60.dll
e:\windows\system32\solegeh.dll
e:\windows\system32\sslibkh.dll
e:\windows\system32\ssolefw.dll
e:\windows\system32\ssoleht.dll
e:\windows\system32\ssolekuy.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 07:42 . 2011-06-28 07:42 -------- d-----w- E:\_OTL
2011-06-27 01:33 . 2011-06-28 07:37 -------- d-----w- e:\documents and settings\Troy\Application Data\IObit
2011-06-27 01:27 . 2011-06-27 01:27 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\MyAshampoo
2011-06-25 23:59 . 2011-06-25 23:59 -------- d-----w- e:\windows\system32\winrm
2011-06-25 23:59 . 2011-06-25 23:59 -------- d-----w- e:\windows\system32\GroupPolicy
2011-06-25 23:59 . 2011-06-25 23:59 -------- dc-h--w- e:\windows\$968930Uinstall_KB968930$
2011-06-25 23:46 . 2011-06-26 00:02 -------- d-----w- e:\documents and settings\All Users\Application Data\IObit
2011-06-25 23:45 . 2011-06-25 23:45 -------- d-----w- e:\windows\system32\config\systemprofile\Application Data\Application Updater
2011-06-25 23:45 . 2011-02-23 06:54 29520 ----a-w- e:\windows\system32\SmartDefragBootTime.exe
2011-06-25 23:45 . 2011-02-23 07:04 13496 ----a-w- e:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-25 23:45 . 2011-06-25 23:46 -------- d-----w- e:\program files\IObit
2011-06-24 10:06 . 2011-06-24 10:06 2106216 ----a-w- e:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 10:06 . 2011-06-24 10:06 1998168 ----a-w- e:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 01:46 . 2011-06-24 01:46 -------- d-----w- e:\documents and settings\Troy\Application Data\NCH Swift Sound
2011-06-23 06:16 . 2011-06-23 06:16 -------- d-----w- E:\_OTM
2011-06-23 05:54 . 2011-06-23 05:54 -------- d-----w- e:\program files\Sonnox
2011-06-23 05:10 . 2011-06-28 08:17 -------- d-----w- e:\program files\Spybot - Search & Destroy
2011-06-23 03:20 . 2011-06-23 03:21 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\MediaGet2
2011-06-18 00:11 . 2011-06-18 00:11 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\MyAshampoo
2011-06-16 21:08 . 2011-04-21 13:37 105472 -c----w- e:\windows\system32\dllcache\mup.sys
2011-06-14 08:06 . 2011-06-14 08:06 -------- d-----w- e:\program files\Ashampoo
2011-06-14 08:00 . 2011-06-14 08:00 -------- d-----w- e:\documents and settings\All Users\Application Data\WinZip
2011-06-13 23:08 . 2011-06-13 23:08 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\Xilisoft
2011-06-13 23:08 . 2011-06-13 23:08 -------- d-----w- e:\documents and settings\Troy\Application Data\Xilisoft
2011-06-10 01:13 . 2011-06-10 01:13 -------- d-----w- e:\documents and settings\Troy\Application Data\iZotope
2011-06-10 01:06 . 2011-06-10 01:06 -------- d-----w- e:\program files\iZotope
2011-06-03 01:43 . 2011-06-03 01:51 -------- d-----w- e:\program files\coolpro2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 09:44 . 2011-05-20 10:23 284160 ----a-w- e:\windows\uninst.exe
2011-05-02 15:31 . 2009-06-08 03:00 692736 ----a-w- e:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2005-10-27 10:46 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-10-27 10:44 916480 ----a-w- e:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-03 14:56 1469440 ----a-w- e:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2004-08-03 14:56 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-03 12:59 385024 ----a-w- e:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-03 13:15 105472 ----a-w- e:\windows\system32\drivers\mup.sys
2001-11-04 23:30 . 2009-06-17 15:18 165376 ----a-w- e:\program files\UNWISE.EXE
2011-06-24 10:06 . 2011-02-12 09:54 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="e:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=e:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 19:42 15360 ----a-w- e:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-23 04:47 136176 ----atw- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
2009-06-17 12:24 143360 ----a-w- e:\windows\system32\mafwTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-20 02:38 1830128 ----a-w- e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RAMSaverPro"=e:\program files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="e:\program files\Winamp\winampa.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;e:\windows\system32\drivers\SmartDefragDriver.sys [26/06/2011 9:45 AM 13496]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18/05/2010 2:57 PM 691696]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [4/08/2004 12:56 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-26 e:\windows\Tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
- e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-21 17:44]
.
2011-06-25 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
.
2011-06-28 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 04:47]
.
2011-06-28 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 04:47]
.
2011-06-28 e:\windows\Tasks\SmartDefrag_Startup.job
- e:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-25 10:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yoower.com/
Trusted Zone: msn.com\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - e:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Advanced SystemCare 4 - e:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
AddRemove-dsbF1V1 - e:\program files\adobe\adobe photoshop cs5.1\plug-ins\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-28 18:39:22
ComboFix-quarantined-files.txt 2011-06-28 08:39
.
Pre-Run: 14,283,825,152 bytes free
Post-Run: 14,239,395,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 373BCC1A67FBC361040E1FF9CB6D587B

#7
sonicpulse

    Member

  • Topic Starter
  • Member
  • 14 posts
Here is the log generated after running the aswMBR scan...

The line 18:44:09:484 ntkrnlpa.exe... etc. was highlighted in red and the FIX button was not enabled.



aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-28 18:43:48
-----------------------------
18:43:48.359 OS Version: Windows 5.1.2600 Service Pack 3
18:43:48.359 Number of processors: 2 586 0x2B01
18:43:48.359 ComputerName: TROY UserName: Troy
18:43:49.843 Initialize success
18:44:06.312 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
18:44:06.312 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
18:44:06.312 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1b
18:44:06.312 Disk 1 Vendor: ST3120827AS 3.42 Size: 114472MB BusType: 3
18:44:06.312 Disk 1 MBR read error 0
18:44:06.312 Disk 1 MBR scan
18:44:06.312 Disk 1 unknown MBR code
18:44:06.312 MBR BIOS signature not found 0
18:44:06.312 Disk 1 scanning sectors +234436545
18:44:06.328 Disk 1 scanning E:\WINDOWS\system32\drivers
18:44:08.718 Service scanning
18:44:09.468 Disk 1 trace - called modules:
18:44:09.484 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spus.sys >>UNKNOWN [0x86d8a938]<<
18:44:09.484 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86d0eab8]
18:44:09.484 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006d[0x86cb5ca0]
18:44:09.500 5 ACPI.sys[f7253620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1b[0x86d0dd98]
18:44:09.500 Scan finished successfully
18:44:46.703 Disk 1 MBR has been saved successfully to "E:\Documents and Settings\Troy\Desktop\MBR.dat"
18:44:46.703 The log file has been saved successfully to "E:\Documents and Settings\Troy\Desktop\aswMBR.txt"
  • 0
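The ComboFix log in post #6 and the aswMBR log in post #7 above contain the indicators a helper reads first: a machine start page and a Firefox home page pointing at external sites (the hxxp:// lines), the Windows Firewall switched off, aswMBR not recognising the MBR code, and an unrecognised module in the disk driver call trace. The following script is an added example, not code from this thread, from ComboFix or from aswMBR: it runs a small set of regex rules over constructed log lines that copy the format of the posted logs and reports each hit with a line number and a severity. The rule names and severities are this example's own judgement, and the sample lines are constructed, not taken verbatim from a live machine.

```python
"""Triage helper for ComboFix / aswMBR style text logs.

Added example, not part of the thread or of either tool. It scans lines in
the format of the posted logs and reports indicators a malware-removal
helper would look at first.
"""
import re
from typing import Dict, List

# Constructed sample lines modelled on the ComboFix and aswMBR output above.
SAMPLE_LOG = r"""
uStart Page = about:blank
mStart Page = hxxp://www.yoower.com/
TCP: DhcpNameServer = 10.0.0.138
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
"EnableFirewall"= 0 (0x0)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18/05/2010 2:57 PM 691696]
18:44:06.312 Disk 1 unknown MBR code
18:44:09.484 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spus.sys >>UNKNOWN [0x86d8a938]<<
18:44:09.500 Scan finished successfully
""".strip("\n")

# Each rule: (description, compiled pattern, severity).  The patterns follow the
# log formats shown in the thread; descriptions and severities are this
# example's own (an assumption, not tool output).
RULES = [
    ("browser start page / home page points at an external site",
     re.compile(r"^(?:[um]Start Page|FF - prefs\.js: browser\.startup\.homepage).*hxxp://(\S+)", re.I),
     "high"),
    ("Windows Firewall disabled in the standard profile",
     re.compile(r'"EnableFirewall"\s*=\s*0\b'),
     "medium"),
    ("aswMBR could not recognise the MBR code",
     re.compile(r"unknown MBR code", re.I),
     "high"),
    ("unknown module in the disk driver call trace",
     re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I),
     "high"),
]


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per (line, rule) match, in log order.

    'detail' is the captured group when the rule has one (the URL host or the
    unknown module address), otherwise the whole matching line.
    """
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for description, pattern, severity in RULES:
            match = pattern.search(line)
            if not match:
                continue
            detail = match.group(1) if match.groups() else line.strip()
            findings.append({"line": lineno, "severity": severity,
                             "rule": description, "detail": detail})
    return findings


def by_severity(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per severity so a reader can see the shape at a glance."""
    counts: Dict[str, int] = {}
    for finding in findings:
        sev = str(finding["severity"])
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"line {f['line']:>3} [{f['severity']}] {f['rule']}: {f['detail']}")
    print("summary:", by_severity(results))
```

Run against a real log by reading the file and passing its text to `triage()`; the rules deliberately do not try to classify any file as malicious, they only surface the lines a helper would ask about next, which is how the thread above actually proceeds.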

#8
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download, save and run the AVG removal tool.
http://download.avg....6_2011_1322.exe


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

DirLook::
C:\Program Files\Common
%user%\library



******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Run aswMBR again and post the log.

Ron

#9
sonicpulse

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi Ron, here is the ComboFix log... It still detected AVG Free and asked me to disable it, even though I had run the AVG remover.



ComboFix 11-06-28.05 - Troy 29/06/2011 9:03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.511 [GMT 10:00]
Running from: e:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Troy\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 07:42 . 2011-06-28 07:42 -------- d-----w- E:\_OTL
2011-06-27 01:33 . 2011-06-28 07:37 -------- d-----w- e:\documents and settings\Troy\Application Data\IObit
2011-06-27 01:27 . 2011-06-27 01:27 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\MyAshampoo
2011-06-25 23:59 . 2011-06-25 23:59 -------- d-----w- e:\windows\system32\winrm
2011-06-25 23:59 . 2011-06-25 23:59 -------- d-----w- e:\windows\system32\GroupPolicy
2011-06-25 23:59 . 2011-06-25 23:59 -------- dc-h--w- e:\windows\$968930Uinstall_KB968930$
2011-06-25 23:46 . 2011-06-26 00:02 -------- d-----w- e:\documents and settings\All Users\Application Data\IObit
2011-06-25 23:45 . 2011-06-25 23:45 -------- d-----w- e:\windows\system32\config\systemprofile\Application Data\Application Updater
2011-06-25 23:45 . 2011-02-23 06:54 29520 ----a-w- e:\windows\system32\SmartDefragBootTime.exe
2011-06-25 23:45 . 2011-02-23 07:04 13496 ----a-w- e:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-25 23:45 . 2011-06-25 23:46 -------- d-----w- e:\program files\IObit
2011-06-24 10:06 . 2011-06-24 10:06 2106216 ----a-w- e:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 10:06 . 2011-06-24 10:06 1998168 ----a-w- e:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 01:46 . 2011-06-24 01:46 -------- d-----w- e:\documents and settings\Troy\Application Data\NCH Swift Sound
2011-06-23 06:16 . 2011-06-23 06:16 -------- d-----w- E:\_OTM
2011-06-23 05:54 . 2011-06-23 05:54 -------- d-----w- e:\program files\Sonnox
2011-06-23 05:10 . 2011-06-28 08:17 -------- d-----w- e:\program files\Spybot - Search & Destroy
2011-06-23 03:20 . 2011-06-23 03:21 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\MediaGet2
2011-06-18 00:11 . 2011-06-18 00:11 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\MyAshampoo
2011-06-16 21:08 . 2011-04-21 13:37 105472 -c----w- e:\windows\system32\dllcache\mup.sys
2011-06-14 08:06 . 2011-06-14 08:06 -------- d-----w- e:\program files\Ashampoo
2011-06-14 08:00 . 2011-06-14 08:00 -------- d-----w- e:\documents and settings\All Users\Application Data\WinZip
2011-06-13 23:08 . 2011-06-13 23:08 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\Xilisoft
2011-06-13 23:08 . 2011-06-13 23:08 -------- d-----w- e:\documents and settings\Troy\Application Data\Xilisoft
2011-06-10 01:13 . 2011-06-10 01:13 -------- d-----w- e:\documents and settings\Troy\Application Data\iZotope
2011-06-10 01:06 . 2011-06-10 01:06 -------- d-----w- e:\program files\iZotope
2011-06-03 01:43 . 2011-06-03 01:51 -------- d-----w- e:\program files\coolpro2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 09:44 . 2011-05-20 10:23 284160 ----a-w- e:\windows\uninst.exe
2011-05-02 15:31 . 2009-06-08 03:00 692736 ----a-w- e:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2005-10-27 10:46 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-10-27 10:44 916480 ----a-w- e:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-03 14:56 1469440 ----a-w- e:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2004-08-03 14:56 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-03 12:59 385024 ----a-w- e:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-03 13:15 105472 ----a-w- e:\windows\system32\drivers\mup.sys
2001-11-04 23:30 . 2009-06-17 15:18 165376 ----a-w- e:\program files\UNWISE.EXE
2011-06-24 10:06 . 2011-02-12 09:54 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-28_08.37.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-28 23:19 . 2011-06-28 23:19 16384 e:\windows\temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="e:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=e:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 19:42 15360 ----a-w- e:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-23 04:47 136176 ----atw- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
2009-06-17 12:24 143360 ----a-w- e:\windows\system32\mafwTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-20 02:38 1830128 ----a-w- e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RAMSaverPro"=e:\program files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="e:\program files\Winamp\winampa.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;e:\windows\system32\drivers\SmartDefragDriver.sys [26/06/2011 9:45 AM 13496]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18/05/2010 2:57 PM 691696]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [4/08/2004 12:56 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 e:\windows\Tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
- e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-21 17:44]
.
2011-06-25 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
.
2011-06-28 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 04:47]
.
2011-06-28 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 04:47]
.
2011-06-28 e:\windows\Tasks\SmartDefrag_Startup.job
- e:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-25 10:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yoower.com/
Trusted Zone: msn.com\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - e:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 09:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3416)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-06-29 09:21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 23:21
.
Pre-Run: 14,419,574,784 bytes free
Post-Run: 14,399,279,104 bytes free
.
- - End Of File - - 35AEA9D8A7B732D2B4481FDCFDE63C4C

#10
sonicpulse

    Member

  • Topic Starter
  • Member
  • 14 posts
I downloaded Avast like you said and did the scan (took quite a few hours).
It picked up this: PUP:Win32:Adware-HV, and moved it to the chest.

Here is the TDSSKiller log and the aswMBR log...
After running the aswMBR scan, the same line was highlighted in red and the FIX button was not enabled.



2011/06/29 16:16:50.0109 2620 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55
2011/06/29 16:16:51.0109 2620 ================================================================================
2011/06/29 16:16:51.0109 2620 SystemInfo:
2011/06/29 16:16:51.0109 2620
2011/06/29 16:16:51.0109 2620 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/29 16:16:51.0109 2620 Product type: Workstation
2011/06/29 16:16:51.0109 2620 ComputerName: TROY
2011/06/29 16:16:51.0109 2620 UserName: Troy
2011/06/29 16:16:51.0109 2620 Windows directory: E:\WINDOWS
2011/06/29 16:16:51.0109 2620 System windows directory: E:\WINDOWS
2011/06/29 16:16:51.0109 2620 Processor architecture: Intel x86
2011/06/29 16:16:51.0109 2620 Number of processors: 2
2011/06/29 16:16:51.0109 2620 Page size: 0x1000
2011/06/29 16:16:51.0109 2620 Boot type: Normal boot
2011/06/29 16:16:51.0109 2620 ================================================================================
2011/06/29 16:16:57.0765 2620 Initialize success
2011/06/29 16:17:19.0250 2716 ================================================================================
2011/06/29 16:17:19.0250 2716 Scan started
2011/06/29 16:17:19.0250 2716 Mode: Manual;
2011/06/29 16:17:19.0250 2716 ================================================================================
2011/06/29 16:17:19.0640 2716 Aavmker4 (3f6884eff406238d39aaa892218f1df7) E:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/29 16:17:19.0718 2716 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/29 16:17:19.0750 2716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/29 16:17:19.0812 2716 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
2011/06/29 16:17:19.0843 2716 AFD (355556d9e580915118cd7ef736653a89) E:\WINDOWS\System32\drivers\afd.sys
2011/06/29 16:17:20.0015 2716 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) E:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/29 16:17:20.0156 2716 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/06/29 16:17:20.0218 2716 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/29 16:17:20.0296 2716 Aspi32 (54ab078660e536da72b21a27f56b035b) E:\WINDOWS\system32\drivers\aspi32.sys
2011/06/29 16:17:20.0343 2716 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) E:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/29 16:17:20.0359 2716 aswMon2 (c2181ef6b54752273a0759a968c59279) E:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/29 16:17:20.0375 2716 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) E:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/29 16:17:20.0421 2716 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) E:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/29 16:17:20.0453 2716 aswSP (d6788e3211afa9951ed7a4d617f68a4f) E:\WINDOWS\system32\drivers\aswSP.sys
2011/06/29 16:17:20.0484 2716 aswTdi (4d100c45517809439c7b6dd98997fa00) E:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/29 16:17:20.0500 2716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/29 16:17:20.0531 2716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/29 16:17:20.0578 2716 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/29 16:17:20.0609 2716 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/29 16:17:20.0656 2716 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
2011/06/29 16:17:20.0718 2716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/29 16:17:20.0765 2716 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/29 16:17:20.0781 2716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/29 16:17:20.0812 2716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/29 16:17:20.0968 2716 DELTAFW (9746aef54ef3ac5d9877482976373034) E:\WINDOWS\system32\drivers\deltafw.sys
2011/06/29 16:17:20.0984 2716 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/29 16:17:21.0046 2716 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
2011/06/29 16:17:21.0078 2716 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
2011/06/29 16:17:21.0093 2716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
2011/06/29 16:17:21.0125 2716 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
2011/06/29 16:17:21.0171 2716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/29 16:17:21.0218 2716 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/29 16:17:21.0250 2716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/29 16:17:21.0265 2716 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
2011/06/29 16:17:21.0296 2716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/29 16:17:21.0328 2716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/29 16:17:21.0343 2716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/29 16:17:21.0359 2716 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/29 16:17:21.0390 2716 gameenum (065639773d8b03f33577f6cdaea21063) E:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/29 16:17:21.0406 2716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/29 16:17:21.0453 2716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/29 16:17:21.0515 2716 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/29 16:17:21.0578 2716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/29 16:17:21.0609 2716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/29 16:17:21.0687 2716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/29 16:17:21.0703 2716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/29 16:17:21.0734 2716 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/29 16:17:21.0750 2716 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/29 16:17:21.0765 2716 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/29 16:17:21.0796 2716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/29 16:17:21.0828 2716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/29 16:17:21.0843 2716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/29 16:17:21.0875 2716 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/29 16:17:21.0906 2716 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
2011/06/29 16:17:21.0937 2716 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/29 16:17:22.0015 2716 MAFWBOOT (fe07d348ef5ebed7e43da516c3a55563) E:\WINDOWS\system32\drivers\mafwboot.sys
2011/06/29 16:17:22.0062 2716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/29 16:17:22.0093 2716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
2011/06/29 16:17:22.0109 2716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/29 16:17:22.0171 2716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/29 16:17:22.0187 2716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/29 16:17:22.0234 2716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/29 16:17:22.0265 2716 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/29 16:17:22.0296 2716 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
2011/06/29 16:17:22.0343 2716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/29 16:17:22.0359 2716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/29 16:17:22.0390 2716 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/29 16:17:22.0406 2716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/29 16:17:22.0437 2716 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) E:\WINDOWS\system32\drivers\msmpu401.sys
2011/06/29 16:17:22.0484 2716 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys
2011/06/29 16:17:22.0515 2716 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2011/06/29 16:17:22.0531 2716 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/29 16:17:22.0562 2716 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/29 16:17:22.0578 2716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/29 16:17:22.0609 2716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/29 16:17:22.0625 2716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/29 16:17:22.0640 2716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/29 16:17:22.0703 2716 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/29 16:17:22.0718 2716 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
2011/06/29 16:17:22.0750 2716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/29 16:17:22.0781 2716 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
2011/06/29 16:17:22.0968 2716 nv (406ddab2b05d94d4818e97ff050d1bc6) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/29 16:17:23.0125 2716 NVENETFD (7d275ecda4628318912f6c945d5cf963) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/29 16:17:23.0156 2716 nvnetbus (b64aacefad2be5bff5353fe681253c67) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/29 16:17:23.0187 2716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/29 16:17:23.0218 2716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/29 16:17:23.0250 2716 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/29 16:17:23.0265 2716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/29 16:17:23.0281 2716 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/29 16:17:23.0312 2716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/29 16:17:23.0328 2716 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/29 16:17:23.0375 2716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/29 16:17:23.0406 2716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/29 16:17:23.0593 2716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/29 16:17:23.0625 2716 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/29 16:17:23.0640 2716 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/29 16:17:23.0656 2716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/29 16:17:23.0687 2716 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/29 16:17:23.0812 2716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/29 16:17:23.0828 2716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/29 16:17:23.0859 2716 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/29 16:17:23.0875 2716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/29 16:17:23.0906 2716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/29 16:17:23.0921 2716 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/29 16:17:23.0953 2716 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/29 16:17:23.0968 2716 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/29 16:17:24.0015 2716 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/29 16:17:24.0078 2716 rtl8139 (d507c1400284176573224903819ffda3) E:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/29 16:17:24.0109 2716 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/29 16:17:24.0156 2716 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/29 16:17:24.0171 2716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/29 16:17:24.0234 2716 sfdrv01 (4c0d673281178cb496011a2e28571fc8) E:\WINDOWS\system32\drivers\sfdrv01.sys
2011/06/29 16:17:24.0250 2716 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) E:\WINDOWS\system32\drivers\sfhlp02.sys
2011/06/29 16:17:24.0296 2716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/29 16:17:24.0312 2716 sfvfs02 (9ef50060cc7e6953bab83f2a42ccc421) E:\WINDOWS\system32\drivers\sfvfs02.sys
2011/06/29 16:17:24.0375 2716 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) E:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/06/29 16:17:24.0421 2716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
2011/06/29 16:17:24.0468 2716 sptd (cdddec541bc3c96f91ecb48759673505) E:\WINDOWS\system32\Drivers\sptd.sys
2011/06/29 16:17:24.0468 2716 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/29 16:17:24.0484 2716 sptd - detected LockedFile.Multi.Generic (1)
2011/06/29 16:17:24.0500 2716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/29 16:17:24.0531 2716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/29 16:17:24.0578 2716 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/29 16:17:24.0593 2716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
2011/06/29 16:17:24.0703 2716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/29 16:17:24.0750 2716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/29 16:17:24.0796 2716 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/29 16:17:24.0812 2716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/29 16:17:24.0828 2716 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/29 16:17:24.0906 2716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
2011/06/29 16:17:24.0953 2716 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
2011/06/29 16:17:25.0000 2716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/29 16:17:25.0031 2716 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/29 16:17:25.0078 2716 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/29 16:17:25.0093 2716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/29 16:17:25.0109 2716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2011/06/29 16:17:25.0156 2716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/29 16:17:25.0203 2716 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/29 16:17:25.0265 2716 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/29 16:17:25.0375 2716 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/29 16:17:25.0406 2716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/29 16:17:25.0468 2716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/29 16:17:25.0546 2716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/29 16:17:25.0578 2716 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
2011/06/29 16:17:25.0593 2716 Boot (0x1200) (b64ee101569f74ebe720239e677f6638) \Device\Harddisk0\DR0\Partition0
2011/06/29 16:17:25.0625 2716 Boot (0x1200) (aaf476d14f075c39c67fc6577e025347) \Device\Harddisk0\DR0\Partition1
2011/06/29 16:17:25.0625 2716 Boot (0x1200) (74bdcf9f5f3468f6a297976479341bd5) \Device\Harddisk1\DR1\Partition0
2011/06/29 16:17:25.0640 2716 Boot (0x1200) (edfc730679b2040f627f2311298dfb36) \Device\Harddisk2\DR5\Partition0
2011/06/29 16:17:25.0656 2716 ================================================================================
2011/06/29 16:17:25.0656 2716 Scan finished
2011/06/29 16:17:25.0656 2716 ================================================================================
2011/06/29 16:17:25.0671 2804 Detected object count: 1
2011/06/29 16:17:25.0671 2804 Actual detected object count: 1
2011/06/29 16:17:40.0640 2804 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/29 16:18:12.0171 3912 Deinitialize success

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-29 16:43:43
-----------------------------
16:43:43.312 OS Version: Windows 5.1.2600 Service Pack 3
16:43:43.312 Number of processors: 2 586 0x2B01
16:43:43.312 ComputerName: TROY UserName: Troy
16:43:43.953 Initialize success
16:43:53.468 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
16:43:53.468 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
16:43:53.468 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1b
16:43:53.468 Disk 1 Vendor: ST3120827AS 3.42 Size: 114472MB BusType: 3
16:43:53.468 Disk 1 MBR read error 0
16:43:53.468 Disk 1 MBR scan
16:43:53.468 Disk 1 unknown MBR code
16:43:53.484 MBR BIOS signature not found 0
16:43:53.484 Disk 1 scanning sectors +234436545
16:43:53.484 Disk 1 scanning E:\WINDOWS\system32\drivers
16:43:57.140 Service scanning
16:43:58.031 Disk 1 trace - called modules:
16:43:58.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spec.sys >>UNKNOWN [0x86d8a938]<<
16:43:58.046 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86d3aab8]
16:43:58.046 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006e[0x86d37258]
16:43:58.046 5 ACPI.sys[f7253620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1b[0x86d20378]
16:43:58.046 Scan finished successfully
16:44:04.562 Disk 1 MBR has been saved successfully to "E:\Documents and Settings\Troy\Desktop\MBR.dat"
16:44:04.593 The log file has been saved successfully to "E:\Documents and Settings\Troy\Desktop\aswMBR.txt"



thanks...Troy

Edited by sonicpulse, 29 June 2011 - 01:03 AM.

#11
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

File::
e:\windows\system32\drivers\sptd.sys
e:\windows\system32\drivers\SmartDefragDriver.sys

Driver::
sptd
SmartDefragDriver

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Run TDSSKiller again and post the log.

Run aswMBR again and post the log.

Ron

#12
sonicpulse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Ron, everything went smoothly; ComboFix didn't detect or ask me to disable AVG this time...
It updated, did its scan and then rebooted when it was finished. Here is the log....

ComboFix 11-06-29.02 - Troy 29/06/2011 23:07:10.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.509 [GMT 10:00]
Running from: e:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Troy\Desktop\CFScript.txt
.
FILE ::
"e:\windows\system32\drivers\SmartDefragDriver.sys"
"e:\windows\system32\drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\system32\drivers\SmartDefragDriver.sys
e:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SMARTDEFRAGDRIVER
-------\Legacy_SPTD
-------\Service_SmartDefragDriver
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-28 23:26 . 2011-06-29 12:52 -------- d-----w- e:\documents and settings\All Users\Application Data\AVAST Software
2011-06-28 23:26 . 2011-06-28 23:26 -------- d-----w- e:\program files\AVAST Software
2011-06-28 07:42 . 2011-06-28 07:42 -------- d-----w- E:\_OTL
2011-06-27 01:33 . 2011-06-28 07:37 -------- d-----w- e:\documents and settings\Troy\Application Data\IObit
2011-06-27 01:27 . 2011-06-27 01:27 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\MyAshampoo
2011-06-25 23:59 . 2011-06-25 23:59 -------- d-----w- e:\windows\system32\winrm
2011-06-25 23:59 . 2011-06-25 23:59 -------- d-----w- e:\windows\system32\GroupPolicy
2011-06-25 23:59 . 2011-06-25 23:59 -------- dc-h--w- e:\windows\$968930Uinstall_KB968930$
2011-06-25 23:46 . 2011-06-26 00:02 -------- d-----w- e:\documents and settings\All Users\Application Data\IObit
2011-06-25 23:45 . 2011-06-25 23:45 -------- d-----w- e:\windows\system32\config\systemprofile\Application Data\Application Updater
2011-06-25 23:45 . 2011-02-23 06:54 29520 ----a-w- e:\windows\system32\SmartDefragBootTime.exe
2011-06-25 23:45 . 2011-06-25 23:46 -------- d-----w- e:\program files\IObit
2011-06-24 10:06 . 2011-06-24 10:06 2106216 ----a-w- e:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 10:06 . 2011-06-24 10:06 1998168 ----a-w- e:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 01:46 . 2011-06-24 01:46 -------- d-----w- e:\documents and settings\Troy\Application Data\NCH Swift Sound
2011-06-23 06:16 . 2011-06-23 06:16 -------- d-----w- E:\_OTM
2011-06-23 05:54 . 2011-06-23 05:54 -------- d-----w- e:\program files\Sonnox
2011-06-23 05:10 . 2011-06-28 08:17 -------- d-----w- e:\program files\Spybot - Search & Destroy
2011-06-23 03:20 . 2011-06-23 03:21 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\MediaGet2
2011-06-18 00:11 . 2011-06-18 00:11 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\MyAshampoo
2011-06-16 21:08 . 2011-04-21 13:37 105472 -c----w- e:\windows\system32\dllcache\mup.sys
2011-06-14 08:06 . 2011-06-14 08:06 -------- d-----w- e:\program files\Ashampoo
2011-06-14 08:00 . 2011-06-14 08:00 -------- d-----w- e:\documents and settings\All Users\Application Data\WinZip
2011-06-13 23:08 . 2011-06-13 23:08 -------- d-----w- e:\documents and settings\Troy\Local Settings\Application Data\Xilisoft
2011-06-13 23:08 . 2011-06-13 23:08 -------- d-----w- e:\documents and settings\Troy\Application Data\Xilisoft
2011-06-10 01:13 . 2011-06-10 01:13 -------- d-----w- e:\documents and settings\Troy\Application Data\iZotope
2011-06-10 01:06 . 2011-06-10 01:06 -------- d-----w- e:\program files\iZotope
2011-06-03 01:43 . 2011-06-03 01:51 -------- d-----w- e:\program files\coolpro2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 09:44 . 2011-05-20 10:23 284160 ----a-w- e:\windows\uninst.exe
2011-05-02 15:31 . 2009-06-08 03:00 692736 ----a-w- e:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2005-10-27 10:46 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-10-27 10:44 916480 ----a-w- e:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-03 14:56 1469440 ----a-w- e:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2004-08-03 14:56 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-03 12:59 385024 ----a-w- e:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-03 13:15 105472 ----a-w- e:\windows\system32\drivers\mup.sys
2001-11-04 23:30 . 2009-06-17 15:18 165376 ----a-w- e:\program files\UNWISE.EXE
2011-06-24 10:06 . 2011-02-12 09:54 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-28_08.37.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-29 13:12 . 2011-06-29 13:12 16384 e:\windows\temp\Perflib_Perfdata_6f0.dat
+ 2011-06-29 06:38 . 2011-06-29 06:38 262144 e:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="e:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=e:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 19:42 15360 ----a-w- e:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-23 04:47 136176 ----atw- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
2009-06-17 12:24 143360 ----a-w- e:\windows\system32\mafwTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-20 02:38 1830128 ----a-w- e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RAMSaverPro"=e:\program files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="e:\program files\Winamp\winampa.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;e:\windows\system32\Drivers\SmartDefragDriver.sys --> e:\windows\system32\Drivers\SmartDefragDriver.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [4/08/2004 12:56 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMARTDEFRAGDRIVER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 e:\windows\Tasks\AdobeAAMUpdater-1.0-TROY-Troy.job
- e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-21 17:44]
.
2011-06-25 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
.
2011-06-29 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003Core.job
- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 04:47]
.
2011-06-29 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-725345543-1003UA.job
- e:\documents and settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 04:47]
.
2011-06-29 e:\windows\Tasks\SmartDefrag_Startup.job
- e:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-25 10:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yoower.com/
Trusted Zone: msn.com\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - e:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\xt0rtjsz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 23:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1704)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-06-29 23:14:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-29 13:14
.
Pre-Run: 13,849,513,984 bytes free
Post-Run: 13,736,468,480 bytes free
.
- - End Of File - - ED5DD3D50AEEE482C65F1586650EDDCB

#13
sonicpulse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
TDSSKiller asked me to update, so I did... here is the log...

2011/06/29 23:17:52.0000 1296 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 23:17:53.0281 1296 ================================================================================
2011/06/29 23:17:53.0281 1296 SystemInfo:
2011/06/29 23:17:53.0281 1296
2011/06/29 23:17:53.0281 1296 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/29 23:17:53.0281 1296 Product type: Workstation
2011/06/29 23:17:53.0281 1296 ComputerName: TROY
2011/06/29 23:17:53.0281 1296 UserName: Troy
2011/06/29 23:17:53.0281 1296 Windows directory: E:\WINDOWS
2011/06/29 23:17:53.0281 1296 System windows directory: E:\WINDOWS
2011/06/29 23:17:53.0281 1296 Processor architecture: Intel x86
2011/06/29 23:17:53.0281 1296 Number of processors: 2
2011/06/29 23:17:53.0281 1296 Page size: 0x1000
2011/06/29 23:17:53.0281 1296 Boot type: Normal boot
2011/06/29 23:17:53.0281 1296 ================================================================================
2011/06/29 23:17:58.0968 1296 Initialize success
2011/06/29 23:18:10.0453 1172 ================================================================================
2011/06/29 23:18:10.0453 1172 Scan started
2011/06/29 23:18:10.0453 1172 Mode: Manual;
2011/06/29 23:18:10.0453 1172 ================================================================================
2011/06/29 23:18:10.0812 1172 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/29 23:18:10.0828 1172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/29 23:18:10.0890 1172 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
2011/06/29 23:18:10.0921 1172 AFD (355556d9e580915118cd7ef736653a89) E:\WINDOWS\System32\drivers\afd.sys
2011/06/29 23:18:11.0078 1172 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) E:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/29 23:18:11.0218 1172 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/06/29 23:18:11.0265 1172 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/29 23:18:11.0359 1172 Aspi32 (54ab078660e536da72b21a27f56b035b) E:\WINDOWS\system32\drivers\aspi32.sys
2011/06/29 23:18:11.0390 1172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/29 23:18:11.0406 1172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/29 23:18:11.0453 1172 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/29 23:18:11.0500 1172 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/29 23:18:11.0531 1172 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
2011/06/29 23:18:11.0593 1172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/29 23:18:11.0640 1172 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/29 23:18:11.0656 1172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/29 23:18:11.0687 1172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/29 23:18:11.0859 1172 DELTAFW (9746aef54ef3ac5d9877482976373034) E:\WINDOWS\system32\drivers\deltafw.sys
2011/06/29 23:18:11.0875 1172 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/29 23:18:11.0921 1172 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
2011/06/29 23:18:11.0937 1172 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
2011/06/29 23:18:11.0968 1172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
2011/06/29 23:18:12.0000 1172 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
2011/06/29 23:18:12.0062 1172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/29 23:18:12.0093 1172 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/29 23:18:12.0140 1172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/29 23:18:12.0156 1172 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
2011/06/29 23:18:12.0171 1172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/29 23:18:12.0203 1172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/29 23:18:12.0234 1172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/29 23:18:12.0250 1172 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/29 23:18:12.0281 1172 gameenum (065639773d8b03f33577f6cdaea21063) E:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/29 23:18:12.0312 1172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/29 23:18:12.0343 1172 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/29 23:18:12.0421 1172 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/29 23:18:12.0468 1172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/29 23:18:12.0500 1172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/29 23:18:12.0578 1172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/29 23:18:12.0609 1172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/29 23:18:12.0640 1172 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/29 23:18:12.0656 1172 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/29 23:18:12.0671 1172 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/29 23:18:12.0703 1172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/29 23:18:12.0734 1172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/29 23:18:12.0750 1172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/29 23:18:12.0781 1172 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/29 23:18:12.0812 1172 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
2011/06/29 23:18:12.0843 1172 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/29 23:18:12.0921 1172 MAFWBOOT (fe07d348ef5ebed7e43da516c3a55563) E:\WINDOWS\system32\drivers\mafwboot.sys
2011/06/29 23:18:12.0953 1172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/29 23:18:12.0968 1172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
2011/06/29 23:18:13.0000 1172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/29 23:18:13.0015 1172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/29 23:18:13.0031 1172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/29 23:18:13.0078 1172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/29 23:18:13.0125 1172 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/29 23:18:13.0156 1172 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
2011/06/29 23:18:13.0187 1172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/29 23:18:13.0218 1172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/29 23:18:13.0234 1172 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/29 23:18:13.0265 1172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/29 23:18:13.0296 1172 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) E:\WINDOWS\system32\drivers\msmpu401.sys
2011/06/29 23:18:13.0328 1172 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys
2011/06/29 23:18:13.0343 1172 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2011/06/29 23:18:13.0375 1172 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/29 23:18:13.0390 1172 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/29 23:18:13.0421 1172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/29 23:18:13.0453 1172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/29 23:18:13.0484 1172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/29 23:18:13.0515 1172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/29 23:18:13.0562 1172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/29 23:18:13.0578 1172 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
2011/06/29 23:18:13.0609 1172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/29 23:18:13.0640 1172 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
2011/06/29 23:18:13.0796 1172 nv (406ddab2b05d94d4818e97ff050d1bc6) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/29 23:18:13.0937 1172 NVENETFD (7d275ecda4628318912f6c945d5cf963) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/29 23:18:13.0953 1172 nvnetbus (b64aacefad2be5bff5353fe681253c67) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/29 23:18:13.0984 1172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/29 23:18:14.0015 1172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/29 23:18:14.0046 1172 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/29 23:18:14.0109 1172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/29 23:18:14.0125 1172 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/29 23:18:14.0171 1172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/29 23:18:14.0187 1172 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/29 23:18:14.0218 1172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/29 23:18:14.0250 1172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/29 23:18:14.0421 1172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/29 23:18:14.0453 1172 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/29 23:18:14.0484 1172 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/29 23:18:14.0500 1172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/29 23:18:14.0562 1172 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/29 23:18:14.0671 1172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/29 23:18:14.0703 1172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/29 23:18:14.0718 1172 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/29 23:18:14.0750 1172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/29 23:18:14.0765 1172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/29 23:18:14.0781 1172 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/29 23:18:14.0812 1172 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/29 23:18:14.0843 1172 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/29 23:18:14.0890 1172 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/29 23:18:14.0953 1172 rtl8139 (d507c1400284176573224903819ffda3) E:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/29 23:18:15.0000 1172 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/29 23:18:15.0015 1172 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/29 23:18:15.0031 1172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/29 23:18:15.0109 1172 sfdrv01 (4c0d673281178cb496011a2e28571fc8) E:\WINDOWS\system32\drivers\sfdrv01.sys
2011/06/29 23:18:15.0140 1172 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) E:\WINDOWS\system32\drivers\sfhlp02.sys
2011/06/29 23:18:15.0156 1172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/29 23:18:15.0171 1172 sfvfs02 (9ef50060cc7e6953bab83f2a42ccc421) E:\WINDOWS\system32\drivers\sfvfs02.sys
2011/06/29 23:18:15.0265 1172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
2011/06/29 23:18:15.0281 1172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/29 23:18:15.0343 1172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/29 23:18:15.0375 1172 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/29 23:18:15.0406 1172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
2011/06/29 23:18:15.0500 1172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/29 23:18:15.0562 1172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/29 23:18:15.0578 1172 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/29 23:18:15.0609 1172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/29 23:18:15.0625 1172 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/29 23:18:15.0687 1172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
2011/06/29 23:18:15.0750 1172 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
2011/06/29 23:18:15.0781 1172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/29 23:18:15.0796 1172 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/29 23:18:15.0812 1172 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/29 23:18:15.0843 1172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/29 23:18:15.0859 1172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2011/06/29 23:18:15.0890 1172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/29 23:18:15.0937 1172 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/29 23:18:15.0984 1172 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/29 23:18:16.0078 1172 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/29 23:18:16.0109 1172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/29 23:18:16.0171 1172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/29 23:18:16.0234 1172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/29 23:18:16.0265 1172 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
2011/06/29 23:18:16.0265 1172 Boot (0x1200) (b64ee101569f74ebe720239e677f6638) \Device\Harddisk0\DR0\Partition0
2011/06/29 23:18:16.0343 1172 Boot (0x1200) (aaf476d14f075c39c67fc6577e025347) \Device\Harddisk0\DR0\Partition1
2011/06/29 23:18:16.0343 1172 Boot (0x1200) (74bdcf9f5f3468f6a297976479341bd5) \Device\Harddisk1\DR1\Partition0
2011/06/29 23:18:16.0359 1172 Boot (0x1200) (edfc730679b2040f627f2311298dfb36) \Device\Harddisk2\DR5\Partition0
2011/06/29 23:18:16.0375 1172 ================================================================================
2011/06/29 23:18:16.0375 1172 Scan finished
2011/06/29 23:18:16.0375 1172 ================================================================================
2011/06/29 23:18:16.0390 1980 Detected object count: 0
2011/06/29 23:18:16.0390 1980 Actual detected object count: 0
2011/06/29 23:19:38.0125 1936 Deinitialize success

#14 sonicpulse
    Member, Topic Starter, 14 posts
aswMBR asked to download the latest AVAST definitions, so I did.

It took a lot longer to do its scan this time. Nothing was highlighted in red this time, and the FIX button was not enabled.

Here is the log:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-29 23:20:17
-----------------------------
23:20:17.453 OS Version: Windows 5.1.2600 Service Pack 3
23:20:17.453 Number of processors: 2 586 0x2B01
23:20:17.453 ComputerName: TROY UserName: Troy
23:20:17.765 Initialize success
23:24:45.609 AVAST engine defs: 11062900
23:25:06.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:25:06.015 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
23:25:06.015 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1b
23:25:06.031 Disk 1 Vendor: ST3120827AS 3.42 Size: 114472MB BusType: 3
23:25:06.031 Disk 1 MBR read successfully
23:25:06.031 Disk 1 MBR scan
23:25:06.031 Disk 1 Windows XP default MBR code
23:25:06.046 Disk 1 scanning sectors +234436545
23:25:06.078 Disk 1 scanning E:\WINDOWS\system32\drivers
23:25:13.046 Service scanning
23:25:13.796 Disk 1 trace - called modules:
23:25:13.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:25:13.796 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86d3cab8]
23:25:13.796 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006d[0x86d0eeb0]
23:25:13.796 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1b[0x86d35d98]
23:25:14.781 AVAST engine scan E:\WINDOWS
23:41:17.718 AVAST engine scan E:\Documents and Settings\Troy
23:47:56.640 AVAST engine scan E:\Documents and Settings\All Users
23:49:26.515 Scan finished successfully
23:49:47.250 Disk 1 MBR has been saved successfully to "E:\Documents and Settings\Troy\Desktop\MBR.dat"
23:49:47.250 The log file has been saved successfully to "E:\Documents and Settings\Troy\Desktop\aswMBR.txt"

Thanks,
Troy
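Two things in the TDSSKiller and aswMBR logs above are worth being able to check for yourself: the `MBR (0x1B8)` hashes (Harddisk0 and Harddisk1 report the same hash even though they carry different partition tables, while Harddisk2 differs) and the MBR.dat that aswMBR saved to the desktop. The Python below is an added example, not part of this thread and not code from either tool. It assumes that the 0x1B8 in the log is the number of bytes TDSSKiller hashed (440 bytes, which is exactly the bootstrap code that precedes the 4-byte disk signature at offset 0x1B8), parses the MBR/Boot lines of a TDSSKiller-format log, groups disks by MBR hash, and hashes the first 440 bytes of a 512-byte MBR image so a saved MBR.dat can be compared with the logged value. The log lines and the MBR images it builds are constructed for the example; the hashes and device names in the sample lines are copied from the log above.

```python
import hashlib
import re
import struct
from collections import defaultdict

# Constructed sample in the TDSSKiller layout seen above:
# "<date> <time> <pid> <object> (<length>) (<md5>) <device>".
# Hashes and device names are copied from the posted log; the lines are otherwise made up.
SAMPLE_LOG = """\
2011/06/29 23:18:16.0171 1172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
2011/06/29 23:18:16.0234 1172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk1\\DR1
2011/06/29 23:18:16.0265 1172 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \\Device\\Harddisk2\\DR5
2011/06/29 23:18:16.0265 1172 Boot (0x1200) (b64ee101569f74ebe720239e677f6638) \\Device\\Harddisk0\\DR0\\Partition0
"""

LINE_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<kind>MBR|Boot) \(0x(?P<length>[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\\S+)$"
)

# Assumption: the "(0x1B8)" in the log is the number of bytes hashed. 440 bytes is the
# bootstrap code; the disk signature sits at 0x1B8, the partition table at 0x1BE,
# and the 0x55AA marker at 0x1FE.
BOOT_CODE_LEN = 0x1B8


def parse_sector_hashes(text):
    """Return [(kind, length_in_bytes, md5, device)] for the MBR/Boot lines of a log."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((m["kind"], int(m["length"], 16), m["md5"], m["device"]))
    return found


def devices_by_mbr_hash(entries):
    """Group MBR devices by hash; disks that share boot code land in one group."""
    groups = defaultdict(list)
    for kind, _length, md5, device in entries:
        if kind == "MBR":
            groups[md5].append(device)
    return dict(groups)


def mbr_code_md5(sector, length=BOOT_CODE_LEN):
    """MD5 of the first `length` bytes of a 512-byte MBR image (for instance the MBR.dat
    aswMBR writes), i.e. the bootstrap code only, excluding signature and partition table."""
    if len(sector) != 512:
        raise ValueError("expected one 512-byte sector, got %d bytes" % len(sector))
    return hashlib.md5(sector[:length]).hexdigest()


def build_test_mbr(code, disk_signature, partition_entries):
    """Assemble a constructed 512-byte MBR: code padded to 440 bytes, little-endian disk
    signature, 2 reserved bytes, four 16-byte partition slots, then 0x55AA."""
    if len(code) > BOOT_CODE_LEN or len(partition_entries) > 4:
        raise ValueError("boot code too long or too many partition entries")
    sector = code.ljust(BOOT_CODE_LEN, b"\x00")
    sector += struct.pack("<I", disk_signature) + b"\x00\x00"
    for entry in partition_entries:
        sector += entry.ljust(16, b"\x00")
    sector += b"\x00" * (16 * (4 - len(partition_entries)))
    sector += b"\x55\xAA"
    return sector


def matches_logged_hash(sector, entries, device):
    """True if the image's boot-code hash equals the MBR hash the log records for `device`."""
    for kind, length, md5, dev in entries:
        if kind == "MBR" and dev == device:
            return mbr_code_md5(sector, length) == md5
    raise KeyError("no MBR entry for %s" % device)


if __name__ == "__main__":
    entries = parse_sector_hashes(SAMPLE_LOG)
    for md5, devices in devices_by_mbr_hash(entries).items():
        print(md5, "shared by" if len(devices) > 1 else "only on", ", ".join(devices))

    # Same constructed boot code on two disks with different signatures and partition
    # tables: the 440-byte hash is identical, which is what Harddisk0/Harddisk1 show above.
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"constructed boot code"
    disk_a = build_test_mbr(code, 0x11111111, [b"\x80\x00\x01\x00\x07"])
    disk_b = build_test_mbr(code, 0x22222222, [b"\x00\x00\x01\x00\x83", b"\x80\x00\x02\x00\x07"])
    print("same code, different tables ->", mbr_code_md5(disk_a) == mbr_code_md5(disk_b))
```

For a real check, read the 512 bytes of the saved MBR.dat and pass them to `matches_logged_hash` together with the boot disk's device name from the TDSSKiller log. A matching hash only says that both tools read the same boot code; a kernel-mode rootkit that filters disk reads can hand clean sectors to both, which is why aswMBR also prints the chain of drivers it traced on the way to the disk.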

#15 RKinner
    Malware Expert, 24,624 posts, MVP
So is the redirect gone now?

Your logs don't show any problems.

Ron