Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VIRUS, MALWARE ATTACK

Started by guru90082 , Jul 29 2011 08:34 AM

  • Please log in to reply

#1
guru90082
Posted 29 July 2011 - 08:34 AM

guru90082

    New Member

  • Member
  • Pip
  • 1 posts
Hi there,
My laptop is in the grip of virus/malware. Details below

OS-Windows XP Pro, Service pack 3, Version 2002.
Original Antivirus McAfee 8.5i updated to 12 july 2011.
Now using Avast free Antivirus.

July/16th,
Could not update or scan computer with McAfee. All System restore points vanished.
Downloaded NOD32 antivirus and performed full scan. Virus found in rootkit, System32
Registry and other files. Could not be cleaned.

Some messages that I noted:
1. setup library llS.dll could not be loaded, or function OcEntry could not be found. Error code Ox7e
2. A varient of of Win32/sirefef.cl System32, drivers\intelppm.sys
3. Winsock32.dll was loaded but the DLL register server entry point was not found.

PRESENT SITUATION:
1. Laptop takes a very long time to shutdown.
2. Can not access system restore.
3. Can open all mail but the page is blank, themes and templates are ok.
4. Can access Internet with IE8, but have to refresh quite a few times to open any item.
5. Can not access McAfee to scan or update.

PROBABLE CAUSE:
When I uninstalled Adobe Acrobat X Pro, accidently clicked 'YES TO ALL' instead of 'YES'

If anyone can help me to get rid of the virus in my laptop, please note I did not get the XP CD when I bought the laptop.
I can follow only simple detailed procedures without the use of abbreviations.



OTL logfile created on: 28/07/2011 19:53:03 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.27 Mb Total Physical Memory | 306.23 Mb Available Physical Memory | 34.21% Memory free
2.12 Gb Paging File | 1.63 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 2.97 Gb Free Space | 20.28% Space Free | Partition Type: NTFS
Drive D: | 44.96 Gb Total Space | 37.10 Gb Free Space | 82.52% Space Free | Partition Type: FAT32
Drive E: | 39.06 Gb Total Space | 33.13 Gb Free Space | 84.83% Space Free | Partition Type: FAT32
Drive F: | 50.35 Gb Total Space | 36.00 Gb Free Space | 71.51% Space Free | Partition Type: FAT32

Computer Name: X6X8-20091211QY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 14:43:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/07/04 16:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 16:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/22 02:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/09 07:52:49 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/20 08:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2009/04/01 08:31:32 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2008/07/18 16:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/14 17:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 20:40:24 | 000,815,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/10/14 17:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005/12/20 13:40:40 | 000,921,600 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2000/03/09 14:56:00 | 000,192,512 | ---- | M] (The Webshots Corporation) -- D:\Webshots\WebshotsTray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 14:43:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/07/04 16:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/03/09 07:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/14 17:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ScanQuery Service)
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (nlsX86cc)
SRV - File not found [Unknown | Stopped] -- -- (McTaskManager)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (McNaiAnn)
SRV - File not found [Auto | Stopped] -- -- (mcmscsvc)
SRV - File not found [Auto | Stopped] -- -- (McMPFSvc)
SRV - File not found [Unknown | Stopped] -- -- (McAfeeFramework)
SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [Auto | Stopped] -- -- (CCALib8)
SRV - [2011/07/04 16:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/08/30 14:42:00 | 000,198,904 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2010/08/24 14:57:38 | 000,180,224 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 16:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 16:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 16:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 16:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 16:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 16:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 16:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/25 00:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/25 00:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/03 19:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/06 23:50:54 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/04/01 08:55:20 | 000,019,200 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2009/04/01 08:33:56 | 000,324,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2009/03/30 17:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/22 13:25:26 | 000,120,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/11 07:14:12 | 001,752,704 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/27 13:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8187.sys -- (RTLWUSB)
DRV - [2008/04/14 17:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/04/14 05:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/05/25 06:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 06:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006/12/17 20:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/10/18 21:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/26 20:03:02 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)
DRV - [2006/02/26 20:02:58 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys -- (amdagp8p)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/04/20 03:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2005/03/28 21:12:42 | 000,033,408 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ULiAGP.sys -- (ULiAGP)
DRV - [2004/10/18 14:12:00 | 000,027,648 | ---- | M] (Transmeta Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tmagp.sys -- (tmagp)
DRV - [2004/06/29 17:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)
DRV - [2004/04/02 12:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/11/05 11:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/09 05:12:54 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/12/10 08:54:34 | 000,009,809 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\hptpro.sys -- (hptpro)
DRV - [2001/08/17 17:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/07/24 19:45:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: D:\Program Files\DAP\DAPFireFox [2011/04/15 07:52:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 17:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - Reg Error: Value error. File not found
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110724193906.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [HP Software Update] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [RegistryBooster] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Webshots.lnk = D:\Webshots\WebshotsTray.exe (The Webshots Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - File not found
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - File not found
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\webshots.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\webshots.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/14 10:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b235c56-f9d8-11de-9a59-0025d3623631}\Shell\AutoRun\command - "" = I:\p.exe
O33 - MountPoints2\{0b235c56-f9d8-11de-9a59-0025d3623631}\Shell\open\Command - "" = I:\p.exe
O33 - MountPoints2\{72866b6e-d328-11df-b026-0025d3623631}\Shell\AutoRun\command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{72866b6e-d328-11df-b026-0025d3623631}\Shell\Explore\Command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{72866b6e-d328-11df-b026-0025d3623631}\Shell\Open\Command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{7bd36488-d49b-11df-b02d-0025d3623631}\Shell\AutoRun\command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{7bd36488-d49b-11df-b02d-0025d3623631}\Shell\Explore\Command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{7bd36488-d49b-11df-b02d-0025d3623631}\Shell\Open\Command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{834d20b8-fbde-11de-9a64-0025d3623631}\Shell - "" = AutoRun
O33 - MountPoints2\{834d20b8-fbde-11de-9a64-0025d3623631}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{834d20b8-fbde-11de-9a64-0025d3623631}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d9646e01-fb83-11de-9a5f-0025d3623631}\Shell - "" = AutoRun
O33 - MountPoints2\{d9646e01-fb83-11de-9a5f-0025d3623631}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9646e01-fb83-11de-9a5f-0025d3623631}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{df82b05c-c57b-11df-afdb-0025d3623631}\Shell - "" = AutoRun
O33 - MountPoints2\{df82b05c-c57b-11df-afdb-0025d3623631}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{df82b05c-c57b-11df-afdb-0025d3623631}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f92b64c8-df0d-11df-b05d-0025d3623631}\Shell\AutoRun\command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{f92b64c8-df0d-11df-b05d-0025d3623631}\Shell\Explore\Command - "" = CONTROL\AutoRun.exe
O33 - MountPoints2\{f92b64c8-df0d-11df-b05d-0025d3623631}\Shell\Open\Command - "" = CONTROL\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 14:43:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/27 08:11:54 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/27 08:11:54 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/27 08:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/27 08:11:51 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/27 08:11:51 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/27 08:11:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/27 08:11:50 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/27 08:11:50 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/27 08:11:49 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/27 08:11:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/27 08:11:21 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/26 04:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/26 04:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/22 16:22:07 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/07/22 16:21:54 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/07/22 16:21:54 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/07/22 16:21:54 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/07/22 16:21:54 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/07/22 16:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/07/20 08:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/07/20 08:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2011/07/20 07:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/20 07:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/19 21:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/18 10:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2011/07/18 10:07:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/07/18 10:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2011/07/18 01:30:40 | 000,386,712 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011/07/18 01:30:40 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/07/18 01:30:40 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2011/07/18 01:30:40 | 000,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2011/07/18 01:30:40 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/07/18 01:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/07/18 01:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/07/17 22:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CrystalOCR
[2011/07/17 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/17 12:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/14 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(2)
[2011/07/14 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/14 10:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nitro PDF
[2011/07/12 20:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CAD-KAS
[2011/07/12 14:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/07/12 02:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\dataprolinking01
[2011/07/08 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2011/07/06 07:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2011/07/06 07:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/07/06 07:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/07/06 07:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2010/04/30 17:36:59 | 000,049,152 | ---- | C] (Stirling) -- C:\Program Files\_ISREG32.DLL
[7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/28 19:29:40 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/07/28 19:29:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/07/28 19:29:18 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2011/07/28 09:27:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-500UA.job
[2011/07/28 07:11:56 | 000,001,519 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2011/07/28 07:11:53 | 002,512,950 | ---- | M] () -- C:\WINDOWS\webshots.bmp
[2011/07/27 14:43:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/07/27 08:11:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/27 08:11:50 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/27 07:59:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/24 19:31:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/24 07:27:07 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-500Core.job
[2011/07/22 19:04:54 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/21 10:30:57 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2011/07/19 23:55:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/18 10:15:53 | 000,001,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/18 08:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/17 22:30:01 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:33:57 | 014,361,339 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ProofReadingSample.pdf
[2011/07/12 14:35:52 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2011/07/04 16:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 16:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 16:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 16:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 16:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 16:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 16:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 16:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 16:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 16:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[7 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 08:11:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/19 23:55:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/19 23:55:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/18 10:07:13 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/07/18 10:07:07 | 000,001,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/18 01:31:04 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2011/07/12 19:36:07 | 014,361,339 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ProofReadingSample.pdf
[2011/06/08 23:23:20 | 000,419,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/16 00:26:13 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/04/15 07:52:08 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/03/22 19:54:44 | 000,000,075 | ---- | C] () -- C:\WINDOWS\hma.ini
[2010/12/07 15:02:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/20 21:35:05 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/11/20 21:35:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/09/10 21:32:58 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/04/30 17:36:59 | 000,000,147 | ---- | C] () -- C:\Program Files\_DEISREG.ISR
[2010/04/30 17:35:06 | 000,005,901 | ---- | C] () -- C:\Program Files\DeIsL2.isu
[2010/01/08 07:35:30 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/08 07:35:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/07 19:13:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/05 14:04:04 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 06:15:01 | 000,005,876 | ---- | C] () -- C:\Program Files\DeIsL4.isu
[2009/12/16 06:21:22 | 000,001,519 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2009/12/14 08:41:23 | 000,007,082 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2009/12/12 03:10:43 | 000,049,152 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2009/12/12 03:08:08 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2009/12/12 03:08:08 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2009/12/12 03:08:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2009/12/11 12:36:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/11 11:23:37 | 001,752,704 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/12/11 11:23:37 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/12/11 11:21:00 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/12/11 11:18:41 | 000,163,923 | ---- | C] () -- C:\WINDOWS\System32\SiSUninstall.exe
[2009/12/11 11:18:30 | 000,196,608 | R--- | C] () -- C:\WINDOWS\Progress.exe
[2009/12/11 11:18:12 | 000,129,761 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/12/01 23:32:32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/08/30 09:31:43 | 000,048,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\3waregsm.sys
[2008/08/30 09:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\3waresrv.exe
[2008/08/30 09:31:43 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2008/08/30 09:31:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\3warerun.exe
[2008/08/30 09:31:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini
[2008/08/14 10:54:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/14 03:44:42 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 17:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 17:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 17:00:00 | 000,431,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 17:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 17:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 17:00:00 | 000,068,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 17:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 17:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 17:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 17:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 17:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 17:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/05 14:17:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2003/09/23 17:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 19:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/09 05:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll

========== LOP Check ==========

[2011/01/02 23:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Anuko World Clock
[2011/07/12 20:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CAD-KAS
[2011/03/13 22:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
[2010/03/21 23:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2011/04/18 08:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FLV Blaster
[2011/01/02 23:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/07/24 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\go
[2010/03/21 23:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2010/03/21 14:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2011/07/14 10:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nitro PDF
[2010/09/10 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2010/09/11 09:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2011/05/01 12:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2011/07/13 20:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrimoPDF
[2010/08/07 00:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2011/07/06 07:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2011/07/19 08:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ShoppingReport2
[2011/04/18 19:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Softland
[2010/09/10 21:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2010/12/04 19:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2011/07/18 10:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/11/23 07:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YouTube Downloader
[2011/03/22 07:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anuko
[2011/07/27 08:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/24 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/07/12 14:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/01 12:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/05/01 12:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/17 06:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/07/17 12:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/04 19:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/07/27 14:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/07/18 10:07:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/08/31 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/08 08:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/15 14:54:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2011/07/28 19:29:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2011/07/28 19:29:40 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:553CA6CA
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF

< End of report >



Thanks and best regards
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP