Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Attempted to remove virus, symptoms remain. OTL log included.

Started by bdjsb7 , Sep 07 2011 08:44 PM

  • Please log in to reply

#16
bdjsb7
Posted 11 September 2011 - 02:46 AM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I had tried from MiniXP's command prompt.
I booted up Hiren's DOS, but could not see how to navigate to my actual drives.
Drives A: B: and C: were all partitions from the CD, I think. It did not appear to mount my actual hard drives.

MBRWiz gave me the same invalid switch message. I'm wondering if I am executing the file correctly...
In MiniXP, I browse to the programs folder and run MBRWizard.exe. It opens up a command prompt-looking window B:\Temp\HBCD with the MBRWiz.exe inside. From there, the /List and /Disk= commands work fine... but trying to save the backup fails. How risky is repairing without backing up?

Each of the system restore points was made after my computer became infected.
A couple were from before the black screen issue happened... should I try restoring one of those, or should I not bother since it was during the infection? I wasn't sure if you meant the infection problem or the black screen problem when you said "when the problem started".

On a personal note, I need to thank you for the time you're spending on this. I was close to having a breakdown of sorts doing this on my own, and running into a brick wall. While there have been issues, at least we've been doing *something*, and this has been quite a learning experience. :)
  • 0

Advertisements

#17
RKinner
Posted 11 September 2011 - 08:39 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
It's possible that MBRWiz can't write to the C:\ drive and that's why it won't work. I'm reluctant to use the standard XP mbr without a backup because you have one of the PCs that has a partition to revert back to factory specs. We lose that ability with a standard MBR. It is not certain that the bug even writes to the mbr so it may not fix the problem anyway. You might try one of the other MBR programs. Just google the name and you shoold find instructions for using them. Hiren just collects programs from the internet so there has to be a site for each program somewhere.

If all of your restore points have the malware then just choose the one just before it wouldn't boot. Combofix should have made one just before it ran. I'm not sure about TDSSKiller but check the times against the logs. IF there is one between Combofix and TDSSKiller then we want that one. Since TDSSKiller killed our boot we need to get back to being able to boot. Lot easier to run programs that way.

Don't feel bad about not being able to fix this one on your own. It's brand new and still not completely understood. You can read about it here:
http://resources.inf...meware-rootkit/

This is only the 5th one of these that I have worked on. It is the first time that TDSSKiller detected anything so this is a new strain of the bug. Normally Combofix would fix the problem so there would be nothing left for TDSSKiller to find.

Which program did you run just before it wouldn't boot?

"Ran kaspersky and it installed but then never ran (seemed to disappear too). I tried a second time and it failed, suggesting I restart. I did. " Was that the AVP program?

Ron
  • 0

#18
bdjsb7
Posted 11 September 2011 - 02:16 PM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I used HDHacker to backup my MBR, then used MBRWiz to repair. It didn't have any effect on the black screen/cursor issue, so I restored the MBR back.

I couldn't pinpoint when the problem began, so I played it safe and reverted to a restore point from a few days before the problem began.

If it boots, should I run comboix again?
I'll pop back here once I try booting to C again to let you know how it made out.
  • 0

#19
bdjsb7
Posted 11 September 2011 - 02:24 PM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
No change. I noticed by accident that if I tap the shift key 5 times, the machine makes an odd sound (part of Windows's stuck keys thingy, perhaps?"
Nothing pops up on the screen... things stay black... but I thought that was odd.
I'm guessing there's some file somewhere that might need to be replaced to get it to work again.
I await further instruction :)
  • 0

#20
RKinner
Posted 11 September 2011 - 05:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
So no boot with new MBR, no boot with manual System Restore.

Got a hint from another helper. Not sure how well it will work from miniXP Command Prompt but give it a try:
cacls  C:\WINDOWS\$NtUninstallKB59753$  /e  /g  Everyone:f
rmdir  C:\WINDOWS\$NtUninstallKB59753$

When you try to boot, exactly where does it go into black screen mode?
Does it say loading windows before this happens? Do you see the login page? Do you get to the Safe Mode menu? (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears)

Lets see if we can get an OTL log this way: (I borrowed this from one verbatim of the other helpers)


  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\\OTL.txt file in your reply.

Ron
  • 0

#21
bdjsb7
Posted 11 September 2011 - 06:11 PM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
The MBR trick didn't work. The first command did, but it says the folder is empty. Attempting to browse to it fails from both DOS and the miniXP

The black screen happens after the Loading XP screen. Right where I'd expect to see the Welcome screen. I have it auto logon, so I don't know if it would have shown me a login box or profile chooser or not. Safe mode has the same thing happen except that the Safe Mode message on the desktop appears. Still, it's just black with a cursor and those words. It does not give me the "you are in safe mode do you wish to continue" message it usually would.

OTL worked. Here's the log:


OTL logfile created on: 9/11/2011 8:54:18 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 776.00 Mb Available Physical Memory | 76.00% Memory free
906.00 Mb Paging File | 847.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 22.84 Gb Free Space | 20.43% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 53.00 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.66% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TomTomHOMEService)
SRV - File not found [Auto] -- -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - File not found [Auto] -- -- (mfevtp)
SRV - File not found [Auto] -- -- (MDM)
SRV - File not found [Auto] -- -- (McTaskManager)
SRV - File not found [Auto] -- -- (McShield)
SRV - File not found [Auto] -- -- (McAfeeFramework)
SRV - File not found [Auto] -- -- (McAfeeEngineService)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (InCDsrv)
SRV - File not found [Auto] -- -- (FlipShare Service)
SRV - File not found [Auto] -- -- (dsNcService)
SRV - File not found [Auto] -- -- (Bonjour Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (pnicml)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (mfetdik)
DRV - File not found [Kernel | On_Demand] -- -- (mferkdet)
DRV - File not found [Kernel | Boot] -- -- (mfehidk)
DRV - File not found [Kernel | On_Demand] -- -- (mfebopk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeapfk)
DRV - File not found [Kernel | Auto] -- -- (MCSTRM)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand] -- -- (diskchk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.i8042prt)
DRV - [2011/09/08 21:36:13 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\128095406 -- (ae94a207)
DRV - [2011/09/08 07:14:25 | 000,454,016 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/12 16:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/09 06:05:48 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/07/09 06:05:48 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2007/12/11 14:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2005/10/15 21:15:41 | 000,027,171 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/10/08 18:22:38 | 000,071,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toywdm.sys -- (JL2005)
DRV - [2005/09/26 01:08:10 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcgbdr.sys -- (avcgbdr)
DRV - [2005/07/28 04:28:10 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcgbfl.sys -- (avcgbfl)
DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/10/08 07:59:12 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:50 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/06 02:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/17 05:24:20 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/07 15:11:00 | 000,038,860 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/04/07 15:11:00 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/06/30 10:56:20 | 000,005,264 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2003/06/30 10:51:24 | 000,028,208 | ---- | M] (Ahead Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/06/30 10:51:00 | 000,086,496 | ---- | M] () [File_System | Disabled] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/01/27 16:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/11/12 06:38:38 | 000,016,432 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/12 15:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/12 15:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2000/04/18 00:53:50 | 000,112,624 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvc325.sys -- (DCamUSBLTN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Justin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Justin_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKU\Justin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Justin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 19:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 18:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 21:24:45 | 000,000,000 | ---D | M]

[2011/08/31 02:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 20:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2005/09/15 18:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2011/03/30 20:57:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 17:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2006/02/02 15:56:00 | 000,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll

O1 HOSTS File: ([2011/09/08 21:01:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PaltalkWebLogin) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll (AVM Software Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\Justin_ON_C\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Justin_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] File not found
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159395208484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/03 16:07:01 | 000,002,247 | ---- | M] () - C:\AutoAssault.log -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 12:06:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/09/10 05:31:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/08 21:34:46 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\57151004.sys
[2011/09/08 21:32:54 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\96000353.sys
[2011/09/08 21:32:16 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0087190drv.sys
[2011/09/08 21:15:41 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\logs for post
[2011/09/08 18:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/08 18:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/08 18:18:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/08 18:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/08 18:13:55 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 18:11:06 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 18:05:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/06 19:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\HiJackThis
[2011/09/06 07:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/06 07:06:30 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2011/09/06 07:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011/09/01 18:36:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent
[2011/09/01 07:50:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/01 07:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/01 07:50:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/01 07:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 07:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Current pass
[2011/08/31 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\TMRBLog
[2011/08/31 21:12:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 21:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\log
[2011/08/31 21:11:59 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 20:56:11 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\Google Chrome
[2011/08/31 20:37:26 | 000,604,496 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:09:01 | 122,890,824 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/27 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Jaggery and Fox
[2011/08/26 10:48:07 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache
[2003/09/03 18:26:18 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2003/09/03 18:26:18 | 000,008,679 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[2003/08/26 18:43:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[56 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 16:18:16 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 16:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 11:46:01 | 000,000,512 | ---- | M] () -- C:\MBR_backup.dat
[2011/09/10 08:29:52 | 000,000,281 | -H-- | M] () -- C:\boot.ini
[2011/09/09 03:05:40 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0087190drv.sys
[2011/09/09 03:05:40 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\96000353.sys
[2011/09/09 03:05:40 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\57151004.sys
[2011/09/08 21:36:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\128095406
[2011/09/08 21:35:20 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/08 21:35:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/08 21:35:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/08 21:35:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/08 21:31:23 | 106,040,432 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:22:03 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 21:19:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 21:19:33 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/09/08 21:19:28 | 000,087,446 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/08 21:15:37 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:01:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/08 11:32:50 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 08:57:50 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2011/09/08 07:01:31 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/08 06:57:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 00:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/09/08 00:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/08 00:24:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 22:44:50 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/09/07 22:44:50 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 22:13:16 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 10:37:52 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/09/06 07:06:31 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/06 07:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/01 18:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gimp
[2011/09/01 18:36:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/09/01 18:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Tools
[2011/09/01 07:50:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/01 07:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 21:11:59 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 21:11:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 20:57:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:56:15 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 20:37:26 | 000,604,496 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:12:51 | 122,890,824 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/31 02:11:46 | 090,266,112 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/31 02:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 11:46:01 | 000,000,512 | ---- | C] () -- C:\MBR_backup.dat
[2011/09/09 07:09:37 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/08 21:27:40 | 106,040,432 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:21:39 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 21:19:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\128095406
[2011/09/08 18:18:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/08 18:18:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/08 18:18:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/08 18:18:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/08 18:18:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/08 07:01:31 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/07 22:13:16 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 07:06:31 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:52 | 008,570,384 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[2011/08/31 20:57:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:48:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/08/31 20:39:20 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/08/31 20:39:20 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 20:38:15 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/08/31 20:38:15 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 02:08:34 | 090,266,112 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/30 20:30:05 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/07/25 19:24:12 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Justin\.recently-used.xbel
[2011/02/18 06:54:29 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/05 01:17:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\services.exe
[2010/09/05 01:17:21 | 000,454,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2010/04/24 13:12:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/31 14:02:57 | 000,063,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 14:34:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\mcs.rma
[2009/08/18 14:34:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\D031BF
[2009/08/09 10:58:42 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/08/09 10:58:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/08/09 10:58:41 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 20:12:10 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Juniper Network Connect 6.3.0.ini
[2009/05/05 12:08:06 | 000,000,119 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2009/05/04 18:49:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 21:05:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 20:27:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/13 20:27:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/13 20:27:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/13 20:27:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/10/19 09:53:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/25 00:39:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/15 19:29:28 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_11.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/15 21:05:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007/08/14 22:28:09 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Justin\presets.ini
[2007/03/03 07:12:44 | 000,000,473 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/02/14 21:46:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\win96.INI
[2007/02/14 19:17:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\namedts.INI
[2007/01/30 20:31:46 | 000,002,795 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2007/01/24 19:21:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/22 21:01:28 | 000,003,885 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2006/11/15 07:28:09 | 000,567,777 | ---- | C] () -- C:\Documents and Settings\Justin\ChatMessageRegExs.dat
[2006/09/17 01:37:30 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/07/09 23:36:01 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\UnCasino5.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/25 09:05:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/13 16:19:23 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/13 16:05:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/03/09 09:01:20 | 000,001,603 | ---- | C] () -- C:\WINDOWS\kd330lan.ini
[2006/03/09 09:01:20 | 000,001,403 | ---- | C] () -- C:\WINDOWS\Dvc325.ini
[2006/01/14 11:57:56 | 000,002,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/27 13:24:31 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/18 14:02:27 | 000,090,624 | ---- | C] () -- C:\WINDOWS\VSUNINST.EXE
[2005/10/16 20:23:27 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2005/07/08 14:26:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/25 23:29:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Justin\.gtk-bookmarks
[2005/06/21 23:57:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/03 09:21:42 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Auto Assault.msi
[2005/05/12 00:34:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/12 00:34:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/05/12 00:34:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/12 00:34:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/05/12 00:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/12 00:34:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/12 00:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/12 00:34:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/05/12 00:34:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/05/12 00:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/13 19:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/13 19:11:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/13 19:11:11 | 000,006,400 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2005/03/28 22:13:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2005/01/17 08:32:50 | 000,002,840 | ---- | C] () -- C:\WINDOWS\System32\vp.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vg.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\v.dat
[2005/01/15 17:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lqybd.dat
[2005/01/04 22:51:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\apiyi.exe
[2005/01/02 11:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysxq.exe
[2004/12/26 23:26:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2004/12/20 08:08:04 | 000,001,234 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2004/12/19 09:05:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/12/19 09:05:41 | 000,000,082 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2004/12/18 10:33:28 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2004/11/19 00:37:34 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/11/18 23:12:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/26 09:19:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/24 08:34:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2004/07/31 16:07:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/19 18:14:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2004/07/19 18:14:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/05/23 19:52:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/04/21 23:37:39 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Recorder.dat
[2004/03/13 10:00:02 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/12 18:17:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\BJ.INI
[2004/02/28 01:20:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/22 21:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI
[2004/02/21 10:13:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2004/02/21 10:11:50 | 000,000,332 | ---- | C] () -- C:\WINDOWS\BP.INI
[2004/02/21 10:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BA.INI
[2003/09/25 06:46:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/09/13 07:38:51 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2003/09/13 07:38:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTmate.dll
[2003/09/07 14:47:41 | 000,115,085 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/07 07:29:09 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/06 11:47:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2003/09/06 10:38:51 | 000,000,761 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/09/06 08:52:49 | 000,001,645 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2003/09/04 22:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/09/04 18:57:53 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/03 20:33:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/03 18:31:51 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/08/28 15:10:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/27 09:17:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/27 09:13:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/27 09:05:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/27 09:05:42 | 000,002,398 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/27 09:05:29 | 000,444,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/27 09:05:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/27 09:05:29 | 000,072,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/27 09:05:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/27 09:05:28 | 000,004,742 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/27 09:05:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/27 09:05:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/27 09:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/27 09:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/27 09:05:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/27 09:05:18 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/27 02:09:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/27 02:08:39 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:43:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/08/26 18:43:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/08/26 18:43:17 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/08/26 18:43:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/08/26 18:43:13 | 000,248,091 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2003/08/26 18:43:13 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/08/26 18:43:13 | 000,224,644 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2003/08/26 18:43:13 | 000,190,720 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/08/26 18:43:13 | 000,138,816 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2003/08/26 18:43:13 | 000,110,820 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/08/26 18:43:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/08/26 18:43:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/08/26 18:43:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2003/08/26 18:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2003/08/26 18:43:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/08/26 18:43:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/08/26 18:42:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2003/08/26 18:42:45 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2003/08/26 18:41:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/08/26 18:24:09 | 000,007,264 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/08/26 18:23:50 | 000,086,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2003/08/19 16:22:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/06/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\.bittorrent
[2006/10/26 21:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Activision
[2004/10/27 00:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Aim
[2005/10/03 06:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Arctic
[2007/10/16 21:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Armagetron
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Azureus
[2009/09/22 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/17 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CopyTrans
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalApp
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalSpace
[2010/06/24 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Facebook
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FileZilla
[2007/06/24 16:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Flickr
[2006/03/13 16:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FotoWire
[2008/10/19 09:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\gtk-2.0
[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\InterTrust
[2008/11/13 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Intervideo
[2010/04/25 10:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Juniper Networks
[2004/12/12 02:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Leadertech
[2005/12/22 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Lionhead Studios
[2006/02/26 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\My Games
[2007/05/06 10:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\NCH Swift Sound
[2007/01/04 23:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Paltalk
[2009/05/05 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\PopCapv1002
[2004/08/21 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\RhinoSoft.com
[2008/02/26 20:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\SecondLife
[2007/05/06 11:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Softplicity
[2011/01/18 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\TomTom
[2007/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\uqm
[2008/12/20 16:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2007/10/16 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2009/04/02 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2010/05/04 22:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/20 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/07/15 19:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/11/15 01:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/04/25 10:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/12/22 20:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2003/12/15 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0203
[2011/09/01 07:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/28 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/10 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/04 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/09/05 00:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/03/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/07 16:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/18 12:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/05 15:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/22 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/03 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2736 bytes -> C:\WINDOWS\128095406:1365990904.exe
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\uninst.exe:amfjyl
< End of report >
  • 0

#22
RKinner
Posted 11 September 2011 - 06:36 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ZA is still hanging in there:

DRV - [2011/09/08 21:36:13 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\128095406 -- (ae94a207)

@Alternate Data Stream - 2736 bytes -> C:\WINDOWS\128095406:1365990904.exe

[2011/09/08 07:01:31 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

See if you can boot into miniXP and delete

C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
C:\WINDOWS\128095406

Then run OTL again and in the custom scans/Fixes box put:

:processes
killallprocesses

:Services
ae94a207

:OTL
DRV - [2011/09/08 21:36:13 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\128095406 -- (ae94a207)
@Alternate Data Stream - 2736 bytes -> C:\WINDOWS\128095406:1365990904.exe
[2011/09/08 07:01:31 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

Then Run Fix.

Ron
  • 0

#23
bdjsb7
Posted 11 September 2011 - 08:39 PM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Deleted the files. Ran Fix:


Error: Unable to interpret <:processes> in the current context!
Error: Unable to interpret <killallprocesses> in the current context!
========== SERVICES/DRIVERS ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ae94a207 deleted successfully.
========== OTL ==========
Service\Driver key ae94a207 not found.
File C:\WINDOWS\128095406 not found.
Unable to delete ADS C:\WINDOWS\128095406:1365990904.exe .
File C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 09122011_003501
  • 0

#24
RKinner
Posted 11 September 2011 - 11:08 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Delete the file:

C:\WINDOWS\uninst.exe

Run OTL again and post the log.
  • 0

#25
bdjsb7
Posted 12 September 2011 - 01:24 AM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Deleted. OTL Ran.


OTL logfile created on: 9/12/2011 5:56:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 772.00 Mb Available Physical Memory | 75.00% Memory free
906.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 22.84 Gb Free Space | 20.43% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 53.00 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TomTomHOMEService)
SRV - File not found [Auto] -- -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - File not found [Auto] -- -- (mfevtp)
SRV - File not found [Auto] -- -- (MDM)
SRV - File not found [Auto] -- -- (McTaskManager)
SRV - File not found [Auto] -- -- (McShield)
SRV - File not found [Auto] -- -- (McAfeeFramework)
SRV - File not found [Auto] -- -- (McAfeeEngineService)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (InCDsrv)
SRV - File not found [Auto] -- -- (FlipShare Service)
SRV - File not found [Auto] -- -- (dsNcService)
SRV - File not found [Auto] -- -- (Bonjour Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (pnicml)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (mfetdik)
DRV - File not found [Kernel | On_Demand] -- -- (mferkdet)
DRV - File not found [Kernel | Boot] -- -- (mfehidk)
DRV - File not found [Kernel | On_Demand] -- -- (mfebopk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeapfk)
DRV - File not found [Kernel | Auto] -- -- (MCSTRM)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand] -- -- (diskchk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.i8042prt)
DRV - [2011/09/08 07:14:25 | 000,454,016 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/12 16:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/09 06:05:48 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/07/09 06:05:48 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2007/12/11 14:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2005/10/15 21:15:41 | 000,027,171 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/10/08 18:22:38 | 000,071,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toywdm.sys -- (JL2005)
DRV - [2005/09/26 01:08:10 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcgbdr.sys -- (avcgbdr)
DRV - [2005/07/28 04:28:10 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcgbfl.sys -- (avcgbfl)
DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/10/08 07:59:12 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:50 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/06 02:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/17 05:24:20 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/07 15:11:00 | 000,038,860 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/04/07 15:11:00 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/06/30 10:56:20 | 000,005,264 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2003/06/30 10:51:24 | 000,028,208 | ---- | M] (Ahead Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/06/30 10:51:00 | 000,086,496 | ---- | M] () [File_System | Disabled] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/01/27 16:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/11/12 06:38:38 | 000,016,432 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/12 15:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/12 15:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2000/04/18 00:53:50 | 000,112,624 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvc325.sys -- (DCamUSBLTN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Justin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Justin_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKU\Justin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Justin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 19:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 18:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 21:24:45 | 000,000,000 | ---D | M]

[2011/08/31 02:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 20:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2005/09/15 18:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2011/03/30 20:57:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 17:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2006/02/02 15:56:00 | 000,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll

O1 HOSTS File: ([2011/09/08 21:01:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PaltalkWebLogin) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll (AVM Software Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\Justin_ON_C\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Justin_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] File not found
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159395208484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/03 16:07:01 | 000,002,247 | ---- | M] () - C:\AutoAssault.log -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 00:35:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/11 12:06:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/09/10 05:31:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/08 21:34:46 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\57151004.sys
[2011/09/08 21:32:54 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\96000353.sys
[2011/09/08 21:32:16 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0087190drv.sys
[2011/09/08 21:15:41 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\logs for post
[2011/09/08 18:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/08 18:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/08 18:18:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/08 18:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/08 18:13:55 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 18:11:06 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 18:05:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/06 19:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\HiJackThis
[2011/09/06 07:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/06 07:06:30 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2011/09/06 07:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011/09/01 18:36:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent
[2011/09/01 07:50:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/01 07:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/01 07:50:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/01 07:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 07:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Current pass
[2011/08/31 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\TMRBLog
[2011/08/31 21:12:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 21:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\log
[2011/08/31 21:11:59 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 20:56:11 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\Google Chrome
[2011/08/31 20:37:26 | 000,604,496 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:09:01 | 122,890,824 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/27 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Jaggery and Fox
[2011/08/26 10:48:07 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache
[2003/09/03 18:26:18 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2003/09/03 18:26:18 | 000,008,679 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[2003/08/26 18:43:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[56 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 16:18:16 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 16:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 11:46:01 | 000,000,512 | ---- | M] () -- C:\MBR_backup.dat
[2011/09/10 08:29:52 | 000,000,281 | -H-- | M] () -- C:\boot.ini
[2011/09/09 03:05:40 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0087190drv.sys
[2011/09/09 03:05:40 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\96000353.sys
[2011/09/09 03:05:40 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\57151004.sys
[2011/09/08 21:35:20 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/08 21:35:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/08 21:35:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/08 21:35:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/08 21:31:23 | 106,040,432 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:22:03 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 21:19:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 21:19:33 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/09/08 21:19:28 | 000,087,446 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/08 21:15:37 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:01:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/08 11:32:50 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 08:57:50 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2011/09/08 06:57:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 00:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/09/08 00:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/08 00:24:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 22:44:50 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/09/07 22:44:50 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 22:13:16 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 10:37:52 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/09/06 07:06:31 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/06 07:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/01 18:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gimp
[2011/09/01 18:36:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/09/01 18:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Tools
[2011/09/01 07:50:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/01 07:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 21:11:59 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 21:11:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 20:57:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:56:15 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 20:37:26 | 000,604,496 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:12:51 | 122,890,824 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/31 02:11:46 | 090,266,112 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/31 02:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 11:46:01 | 000,000,512 | ---- | C] () -- C:\MBR_backup.dat
[2011/09/09 07:09:37 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/08 21:27:40 | 106,040,432 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:21:39 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 18:18:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/08 18:18:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/08 18:18:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/08 18:18:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/08 18:18:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/07 22:13:16 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 07:06:31 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:52 | 008,570,384 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[2011/08/31 20:57:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:48:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/08/31 20:39:20 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/08/31 20:39:20 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 20:38:15 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/08/31 20:38:15 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 02:08:34 | 090,266,112 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/30 20:30:05 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/07/25 19:24:12 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Justin\.recently-used.xbel
[2011/02/18 06:54:29 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/05 01:17:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\services.exe
[2010/09/05 01:17:21 | 000,454,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2010/04/24 13:12:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/31 14:02:57 | 000,063,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 14:34:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\mcs.rma
[2009/08/18 14:34:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\D031BF
[2009/08/09 10:58:42 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/08/09 10:58:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/08/09 10:58:41 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 20:12:10 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Juniper Network Connect 6.3.0.ini
[2009/05/05 12:08:06 | 000,000,119 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2009/05/04 18:49:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 21:05:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 20:27:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/13 20:27:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/13 20:27:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/13 20:27:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/10/19 09:53:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/25 00:39:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/15 19:29:28 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_11.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/15 21:05:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007/08/14 22:28:09 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Justin\presets.ini
[2007/03/03 07:12:44 | 000,000,473 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/02/14 21:46:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\win96.INI
[2007/02/14 19:17:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\namedts.INI
[2007/01/30 20:31:46 | 000,002,795 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2007/01/24 19:21:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/22 21:01:28 | 000,003,885 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2006/11/15 07:28:09 | 000,567,777 | ---- | C] () -- C:\Documents and Settings\Justin\ChatMessageRegExs.dat
[2006/09/17 01:37:30 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/07/09 23:36:01 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\UnCasino5.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/25 09:05:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/13 16:19:23 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/13 16:05:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/03/09 09:01:20 | 000,001,603 | ---- | C] () -- C:\WINDOWS\kd330lan.ini
[2006/03/09 09:01:20 | 000,001,403 | ---- | C] () -- C:\WINDOWS\Dvc325.ini
[2006/01/14 11:57:56 | 000,002,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/27 13:24:31 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/18 14:02:27 | 000,090,624 | ---- | C] () -- C:\WINDOWS\VSUNINST.EXE
[2005/10/16 20:23:27 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2005/07/08 14:26:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/25 23:29:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Justin\.gtk-bookmarks
[2005/06/21 23:57:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/03 09:21:42 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Auto Assault.msi
[2005/05/12 00:34:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/12 00:34:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/05/12 00:34:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/12 00:34:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/05/12 00:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/12 00:34:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/12 00:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/12 00:34:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/05/12 00:34:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/05/12 00:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/13 19:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/13 19:11:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/13 19:11:11 | 000,006,400 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2005/03/28 22:13:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2005/01/17 08:32:50 | 000,002,840 | ---- | C] () -- C:\WINDOWS\System32\vp.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vg.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\v.dat
[2005/01/15 17:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lqybd.dat
[2005/01/04 22:51:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\apiyi.exe
[2005/01/02 11:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysxq.exe
[2004/12/26 23:26:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2004/12/20 08:08:04 | 000,001,234 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2004/12/19 09:05:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/12/19 09:05:41 | 000,000,082 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2004/12/18 10:33:28 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2004/11/19 00:37:34 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/11/18 23:12:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/26 09:19:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/24 08:34:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2004/07/31 16:07:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/19 18:14:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2004/07/19 18:14:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/05/23 19:52:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/04/21 23:37:39 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Recorder.dat
[2004/03/13 10:00:02 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/12 18:17:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\BJ.INI
[2004/02/28 01:20:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/22 21:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI
[2004/02/21 10:13:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2004/02/21 10:11:50 | 000,000,332 | ---- | C] () -- C:\WINDOWS\BP.INI
[2004/02/21 10:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BA.INI
[2003/09/25 06:46:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/09/13 07:38:51 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2003/09/13 07:38:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTmate.dll
[2003/09/07 14:47:41 | 000,115,085 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/07 07:29:09 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/06 11:47:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2003/09/06 10:38:51 | 000,000,761 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/09/06 08:52:49 | 000,001,645 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2003/09/04 22:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/09/04 18:57:53 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/03 20:33:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/03 18:31:51 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/08/28 15:10:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/27 09:17:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/27 09:13:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/27 09:05:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/27 09:05:42 | 000,002,398 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/27 09:05:29 | 000,444,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/27 09:05:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/27 09:05:29 | 000,072,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/27 09:05:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/27 09:05:28 | 000,004,742 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/27 09:05:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/27 09:05:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/27 09:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/27 09:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/27 09:05:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/27 09:05:18 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/27 02:09:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/27 02:08:39 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:43:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/08/26 18:43:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/08/26 18:43:17 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/08/26 18:43:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/08/26 18:43:13 | 000,248,091 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2003/08/26 18:43:13 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/08/26 18:43:13 | 000,224,644 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2003/08/26 18:43:13 | 000,190,720 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/08/26 18:43:13 | 000,138,816 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2003/08/26 18:43:13 | 000,110,820 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/08/26 18:43:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/08/26 18:43:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/08/26 18:43:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2003/08/26 18:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2003/08/26 18:43:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/08/26 18:43:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/08/26 18:42:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2003/08/26 18:42:45 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2003/08/26 18:41:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/08/26 18:24:09 | 000,007,264 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/08/26 18:23:50 | 000,086,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2003/08/19 16:22:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/06/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\.bittorrent
[2006/10/26 21:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Activision
[2004/10/27 00:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Aim
[2005/10/03 06:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Arctic
[2007/10/16 21:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Armagetron
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Azureus
[2009/09/22 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/17 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CopyTrans
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalApp
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalSpace
[2010/06/24 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Facebook
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FileZilla
[2007/06/24 16:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Flickr
[2006/03/13 16:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FotoWire
[2008/10/19 09:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\gtk-2.0
[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\InterTrust
[2008/11/13 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Intervideo
[2010/04/25 10:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Juniper Networks
[2004/12/12 02:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Leadertech
[2005/12/22 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Lionhead Studios
[2006/02/26 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\My Games
[2007/05/06 10:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\NCH Swift Sound
[2007/01/04 23:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Paltalk
[2009/05/05 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\PopCapv1002
[2004/08/21 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\RhinoSoft.com
[2008/02/26 20:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\SecondLife
[2007/05/06 11:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Softplicity
[2011/01/18 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\TomTom
[2007/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\uqm
[2008/12/20 16:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2007/10/16 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2009/04/02 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2010/05/04 22:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/20 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/07/15 19:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/11/15 01:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/04/25 10:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/12/22 20:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2003/12/15 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0203
[2011/09/01 07:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/28 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/10 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/04 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/09/05 00:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/03/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/07 16:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/18 12:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/05 15:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/22 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/03 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
< End of report >
  • 0

Advertisements

#26
RKinner
Posted 12 September 2011 - 08:31 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I'm pretty sure the bug replaced this file:

DRV - [2011/09/08 07:14:25 | 000,454,016 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)

It's normally a Microsoft file and it should say that in the parentheses before [File_System. Also the date is suspicious.

I'm also wondering about c:\windows\system32\svchost.exe file. The checksum on it is correct but Combofix flagged it as suspicious.

Also the following were also recently replaced:

2011-09-06 22:45 . 2010-09-05 05:17 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-06 22:45 . 2010-09-05 05:17 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010/09/05 01:17:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\services.exe <= This one should be from Microsoft but the parentheses are empty!

Let's see if OTL can check them for us:

Copy the text in the code box by highlighting and Ctrl + c 


/md5start
mrxsmb.sys
svchost.exe
serial.sys
redbook.sys
services.exe
/md5stop
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. (You can also just type in the text if you want.) Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Ron
  • 0

#27
bdjsb7
Posted 12 September 2011 - 05:12 PM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OTL logfile created on: 9/12/2011 10:52:21 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 773.00 Mb Available Physical Memory | 76.00% Memory free
906.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 22.84 Gb Free Space | 20.43% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 53.00 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.65% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TomTomHOMEService)
SRV - File not found [Auto] -- -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - File not found [Auto] -- -- (mfevtp)
SRV - File not found [Auto] -- -- (MDM)
SRV - File not found [Auto] -- -- (McTaskManager)
SRV - File not found [Auto] -- -- (McShield)
SRV - File not found [Auto] -- -- (McAfeeFramework)
SRV - File not found [Auto] -- -- (McAfeeEngineService)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (InCDsrv)
SRV - File not found [Auto] -- -- (FlipShare Service)
SRV - File not found [Auto] -- -- (dsNcService)
SRV - File not found [Auto] -- -- (Bonjour Service)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] () [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (pnicml)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (mfetdik)
DRV - File not found [Kernel | On_Demand] -- -- (mferkdet)
DRV - File not found [Kernel | Boot] -- -- (mfehidk)
DRV - File not found [Kernel | On_Demand] -- -- (mfebopk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeapfk)
DRV - File not found [Kernel | Auto] -- -- (MCSTRM)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand] -- -- (diskchk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.i8042prt)
DRV - [2011/09/08 07:14:25 | 000,454,016 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/12 16:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/09 06:05:48 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/07/09 06:05:48 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2007/12/11 14:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2005/10/15 21:15:41 | 000,027,171 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/10/08 18:22:38 | 000,071,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toywdm.sys -- (JL2005)
DRV - [2005/09/26 01:08:10 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcgbdr.sys -- (avcgbdr)
DRV - [2005/07/28 04:28:10 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcgbfl.sys -- (avcgbfl)
DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/10/08 07:59:12 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:50 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/06 02:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/17 05:24:20 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/07 15:11:00 | 000,038,860 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/04/07 15:11:00 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/06/30 10:56:20 | 000,005,264 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2003/06/30 10:51:24 | 000,028,208 | ---- | M] (Ahead Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/06/30 10:51:00 | 000,086,496 | ---- | M] () [File_System | Disabled] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/01/27 16:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/11/12 06:38:38 | 000,016,432 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/12 15:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/12 15:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2000/04/18 00:53:50 | 000,112,624 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvc325.sys -- (DCamUSBLTN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Justin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Justin_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKU\Justin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Justin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 19:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 18:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 21:24:45 | 000,000,000 | ---D | M]

[2011/08/31 02:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 20:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2005/09/15 18:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2011/03/30 20:57:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 17:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2006/02/02 15:56:00 | 000,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll

O1 HOSTS File: ([2011/09/08 21:01:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PaltalkWebLogin) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll (AVM Software Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\Justin_ON_C\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Justin_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] File not found
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Justin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159395208484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/03 16:07:01 | 000,002,247 | ---- | M] () - C:\AutoAssault.log -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 00:35:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/11 12:06:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/09/10 05:31:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/08 21:34:46 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\57151004.sys
[2011/09/08 21:32:54 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\96000353.sys
[2011/09/08 21:32:16 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0087190drv.sys
[2011/09/08 21:15:41 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\logs for post
[2011/09/08 18:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/08 18:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/08 18:18:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/08 18:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/08 18:13:55 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 18:11:06 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 18:05:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/06 19:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\HiJackThis
[2011/09/06 07:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/06 07:06:30 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2011/09/06 07:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011/09/01 18:36:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent
[2011/09/01 07:50:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/01 07:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/01 07:50:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/01 07:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 07:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Current pass
[2011/08/31 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\TMRBLog
[2011/08/31 21:12:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 21:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\log
[2011/08/31 21:11:59 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 20:56:11 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\Google Chrome
[2011/08/31 20:37:26 | 000,604,496 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:09:01 | 122,890,824 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/27 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Jaggery and Fox
[2011/08/26 10:48:07 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache
[2003/09/03 18:26:18 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2003/09/03 18:26:18 | 000,008,679 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[2003/08/26 18:43:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[56 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 16:18:16 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 16:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 11:46:01 | 000,000,512 | ---- | M] () -- C:\MBR_backup.dat
[2011/09/10 08:29:52 | 000,000,281 | -H-- | M] () -- C:\boot.ini
[2011/09/09 03:05:40 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0087190drv.sys
[2011/09/09 03:05:40 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\96000353.sys
[2011/09/09 03:05:40 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\57151004.sys
[2011/09/08 21:35:20 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/08 21:35:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/08 21:35:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/08 21:35:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/08 21:35:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/08 21:31:23 | 106,040,432 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:22:03 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 21:19:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 21:19:33 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/09/08 21:19:28 | 000,087,446 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/08 21:15:37 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:01:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/08 11:32:50 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 08:57:50 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2011/09/08 06:57:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 00:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/09/08 00:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/08 00:24:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 22:44:50 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/09/07 22:44:50 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 22:13:16 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 10:37:52 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/09/06 07:06:31 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/06 07:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/01 18:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gimp
[2011/09/01 18:36:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/09/01 18:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Tools
[2011/09/01 07:50:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/01 07:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 21:11:59 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 21:11:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 20:57:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:56:15 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 20:37:26 | 000,604,496 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:12:51 | 122,890,824 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/31 02:11:46 | 090,266,112 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/31 02:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1913 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 11:46:01 | 000,000,512 | ---- | C] () -- C:\MBR_backup.dat
[2011/09/09 07:09:37 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/08 21:27:40 | 106,040,432 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:21:39 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 18:18:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/08 18:18:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/08 18:18:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/08 18:18:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/08 18:18:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/07 22:13:16 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 07:06:31 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:52 | 008,570,384 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[2011/08/31 20:57:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:48:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/08/31 20:39:20 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/08/31 20:39:20 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 20:38:15 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/08/31 20:38:15 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 02:08:34 | 090,266,112 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/30 20:30:05 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_65712.nl_
[2011/07/25 19:24:12 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Justin\.recently-used.xbel
[2011/02/18 06:54:29 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/05 01:17:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\services.exe
[2010/09/05 01:17:21 | 000,454,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2010/04/24 13:12:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/31 14:02:57 | 000,063,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 14:34:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\mcs.rma
[2009/08/18 14:34:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\D031BF
[2009/08/09 10:58:42 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/08/09 10:58:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/08/09 10:58:41 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 20:12:10 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Juniper Network Connect 6.3.0.ini
[2009/05/05 12:08:06 | 000,000,119 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2009/05/04 18:49:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 21:05:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 20:27:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/13 20:27:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/13 20:27:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/13 20:27:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/10/19 09:53:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/25 00:39:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/15 19:29:28 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_11.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/15 21:05:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007/08/14 22:28:09 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Justin\presets.ini
[2007/03/03 07:12:44 | 000,000,473 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/02/14 21:46:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\win96.INI
[2007/02/14 19:17:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\namedts.INI
[2007/01/30 20:31:46 | 000,002,795 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2007/01/24 19:21:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/22 21:01:28 | 000,003,885 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2006/11/15 07:28:09 | 000,567,777 | ---- | C] () -- C:\Documents and Settings\Justin\ChatMessageRegExs.dat
[2006/09/17 01:37:30 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/07/09 23:36:01 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\UnCasino5.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/25 09:05:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/13 16:19:23 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/13 16:05:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/03/09 09:01:20 | 000,001,603 | ---- | C] () -- C:\WINDOWS\kd330lan.ini
[2006/03/09 09:01:20 | 000,001,403 | ---- | C] () -- C:\WINDOWS\Dvc325.ini
[2006/01/14 11:57:56 | 000,002,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/27 13:24:31 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/18 14:02:27 | 000,090,624 | ---- | C] () -- C:\WINDOWS\VSUNINST.EXE
[2005/10/16 20:23:27 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2005/07/08 14:26:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/25 23:29:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Justin\.gtk-bookmarks
[2005/06/21 23:57:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/03 09:21:42 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Auto Assault.msi
[2005/05/12 00:34:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/12 00:34:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/05/12 00:34:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/12 00:34:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/05/12 00:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/12 00:34:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/12 00:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/12 00:34:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/05/12 00:34:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/05/12 00:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/13 19:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/13 19:11:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/13 19:11:11 | 000,006,400 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2005/03/28 22:13:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2005/01/17 08:32:50 | 000,002,840 | ---- | C] () -- C:\WINDOWS\System32\vp.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vg.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\v.dat
[2005/01/15 17:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lqybd.dat
[2005/01/04 22:51:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\apiyi.exe
[2005/01/02 11:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysxq.exe
[2004/12/26 23:26:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2004/12/20 08:08:04 | 000,001,234 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2004/12/19 09:05:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/12/19 09:05:41 | 000,000,082 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2004/12/18 10:33:28 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2004/11/19 00:37:34 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/11/18 23:12:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/26 09:19:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/24 08:34:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2004/07/31 16:07:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/19 18:14:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2004/07/19 18:14:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/05/23 19:52:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/04/21 23:37:39 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Recorder.dat
[2004/03/13 10:00:02 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/12 18:17:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\BJ.INI
[2004/02/28 01:20:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/22 21:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI
[2004/02/21 10:13:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2004/02/21 10:11:50 | 000,000,332 | ---- | C] () -- C:\WINDOWS\BP.INI
[2004/02/21 10:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BA.INI
[2003/09/25 06:46:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/09/13 07:38:51 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2003/09/13 07:38:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTmate.dll
[2003/09/07 14:47:41 | 000,115,085 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/07 07:29:09 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/06 11:47:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2003/09/06 10:38:51 | 000,000,761 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/09/06 08:52:49 | 000,001,645 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2003/09/04 22:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/09/04 18:57:53 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/03 20:33:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/03 18:31:51 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/08/28 15:10:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/27 09:17:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/27 09:13:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/27 09:05:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/27 09:05:42 | 000,002,398 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/27 09:05:29 | 000,444,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/27 09:05:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/27 09:05:29 | 000,072,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/27 09:05:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/27 09:05:28 | 000,004,742 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/27 09:05:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/27 09:05:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/27 09:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/27 09:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/27 09:05:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/27 09:05:18 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/27 02:09:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/27 02:08:39 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:43:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/08/26 18:43:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/08/26 18:43:17 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/08/26 18:43:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/08/26 18:43:13 | 000,248,091 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2003/08/26 18:43:13 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/08/26 18:43:13 | 000,224,644 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2003/08/26 18:43:13 | 000,190,720 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/08/26 18:43:13 | 000,138,816 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2003/08/26 18:43:13 | 000,110,820 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/08/26 18:43:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/08/26 18:43:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/08/26 18:43:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2003/08/26 18:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2003/08/26 18:43:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/08/26 18:43:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/08/26 18:42:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2003/08/26 18:42:45 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2003/08/26 18:41:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/08/26 18:24:09 | 000,007,264 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/08/26 18:23:50 | 000,086,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2003/08/19 16:22:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/06/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\.bittorrent
[2006/10/26 21:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Activision
[2004/10/27 00:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Aim
[2005/10/03 06:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Arctic
[2007/10/16 21:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Armagetron
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Azureus
[2009/09/22 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/17 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CopyTrans
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalApp
[2006/02/26 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\CrystalSpace
[2010/06/24 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Facebook
[2011/08/31 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FileZilla
[2007/06/24 16:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Flickr
[2006/03/13 16:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\FotoWire
[2008/10/19 09:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\gtk-2.0
[2003/08/26 18:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\InterTrust
[2008/11/13 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Intervideo
[2010/04/25 10:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Juniper Networks
[2004/12/12 02:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Leadertech
[2005/12/22 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Lionhead Studios
[2006/02/26 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\My Games
[2007/05/06 10:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\NCH Swift Sound
[2007/01/04 23:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Paltalk
[2009/05/05 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\PopCapv1002
[2004/08/21 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\RhinoSoft.com
[2008/02/26 20:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\SecondLife
[2007/05/06 11:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Softplicity
[2011/01/18 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\TomTom
[2007/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\uqm
[2008/12/20 16:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2007/10/16 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2009/04/02 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2010/05/04 22:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/20 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/07/15 19:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/11/15 01:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/04/25 10:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2005/12/22 20:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2003/12/15 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0203
[2011/09/01 07:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/28 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/10 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/04 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/09/05 00:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/03/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/07 16:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/18 12:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/03/05 15:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/22 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/03 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: MRXSMB.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
[2005/06/17 10:46:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:mrxsmb.sys
[2005/06/17 10:46:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
[2008/08/23 20:45:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:mrxsmb.sys
[2006/05/05 05:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2006/05/05 05:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\sp2gdr\mrxsmb.sys
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] () MD5=07D3DA6F9779009F3813AA5D837AF7B5 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/04 02:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
[2004/08/04 02:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2009/12/04 09:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys
[2010/02/24 08:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
[2010/02/24 08:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\SoftwareDistribution\Download\284a430ed4a998417200bec9f0c45f85\SP2QFE\mrxsmb.sys
[2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys
[2005/01/19 00:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$hf_mig$\KB885250\SP2GDR\mrxsmb.sys
[2005/01/19 00:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 07:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mrxsmb.sys
[2008/10/24 07:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/10/24 07:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 06:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2002/08/29 08:00:00 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=7A3A2BE44E12E2ABDE1AF891E83AC130 -- C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
[2005/01/18 23:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
[2004/10/27 21:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004/10/27 21:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys
[2004/10/27 21:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\SoftwareDistribution\Download\dfeddbe03266add4998ad4eea2bf3073\sp2gdr\mrxsmb.sys
[2008/10/24 07:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\SoftwareDistribution\Download\284a430ed4a998417200bec9f0c45f85\SP3QFE\mrxsmb.sys
[2002/11/18 11:27:40 | 000,392,576 | ---- | M] (Microsoft Corporation) MD5=D4BD5EF775AD4FB0B8E3786F674DABDD -- C:\WINDOWS\$NtUninstallKB885835_0$\mrxsmb.sys
[2004/10/12 12:22:52 | 000,436,608 | ---- | M] (Microsoft Corporation) MD5=E5D956E9839C75CCABDDEDC07E17670C -- C:\WINDOWS\$NtUninstallKB885250_0$\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\SoftwareDistribution\Download\284a430ed4a998417200bec9f0c45f85\SP3GDR\mrxsmb.sys
[2009/12/04 10:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) MD5=F9692BE777822AB3F1A91C34728786DA -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\SoftwareDistribution\Download\284a430ed4a998417200bec9f0c45f85\SP2GDR\mrxsmb.sys
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys

< MD5 for: REDBOOK.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:redbook.sys
[2005/06/17 10:46:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:redbook.sys
[2005/06/17 10:46:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:redbook.sys
[2008/08/23 20:45:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:redbook.sys
[2004/08/04 01:59:37 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2011/09/06 18:45:39 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\redbook.sys

< MD5 for: SERIAL.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:serial.sys
[2005/06/17 10:46:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:serial.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:serial.sys
[2005/06/17 10:46:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:serial.sys
[2008/08/23 20:45:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:serial.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys
[2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
[2011/09/06 18:45:39 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\system32\drivers\serial.sys

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2004/08/04 03:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004/08/04 03:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
< End of report >
  • 0

#28
RKinner
Posted 12 September 2011 - 06:57 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Two of them were definitely bad

You can see the MD5 does not match with the one in the dllcache and it has no Microsoft Corporation:
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] () MD5=07D3DA6F9779009F3813AA5D837AF7B5 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys

This one the dates are different so it has been touched:
[2004/08/04 01:59:37 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2011/09/06 18:45:39 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\system32\drivers\redbook.sys

This one the dates are different so it has been touched:
[2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
[2011/09/06 18:45:39 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\system32\drivers\serial.sys

This one is definitely bad since it has no MD5:
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\services.exe


This one I don't know about. The dates match but combofix didn't like the MD5 for some reason. I think we will replace it with the one that Combofix did like.

[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe


I'm also going to clear up some McAfee drivers that are showing up.

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:services
pnicml
mfetdik
mferkdet
mfehidk
mfebopk
mfeavfk
mfeapfk
MCSTRM
EagleNT
diskchk

:files
C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys /e
C:\WINDOWS\system32\drivers\mrxsmb.sys|C:\WINDOWS\system32\dllcache\mrxsmb.sys /replace
C:\WINDOWS\system32\drivers\redbook.sys|C:\WINDOWS\ServicePackFiles\i386\redbook.sys /replace
C:\WINDOWS\system32\drivers\serial.sys|C:\WINDOWS\ServicePackFiles\i386\serial.sys /replace
C:\WINDOWS\system32\services.exe|C:\WINDOWS\system32\dllcache\services.exe /replace
C:\WINDOWS\system32\svchost.exe|C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe /replace

:Commands
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

See if we got lucky and let it try to boot into regular mode. If it doesn't work run a new OTL with the same script:

/md5start
mrxsmb.sys
svchost.exe
serial.sys
redbook.sys
services.exe
/md5stop

If it does work and actually boots into regular or safe mode try running Combofix and TDSSKiller

Ron
  • 0

#29
bdjsb7
Posted 12 September 2011 - 07:48 PM

bdjsb7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
XP booted normally!

ran combofix (george.exe) from desktop
Asked to update, I said yes.
It made a system restore point

Message: ZeroAccess has inserted itself into the tcp/ip
Rootkit is detected (may take some moments)

It requires a reboot w/ message (do not reboot yourself)
For 5 minutes, it has been sitting there with just a gray screen (my wallpaper is, in fact, that same shade of gray) and a cursor.
Hard Drive light blips one time every 8 or 9 seconds with a couple dim half-blips in between.
Should I manually shut down and boot up, or should I wait a set amount of time?
My PC has had troubles rebooting for a while, as evidenced much earlier in out trials.
  • 0

#30
RKinner
Posted 12 September 2011 - 08:06 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Good news about the reboot!

I'd say give it a full hour. If it doesn't reboot by then I think it probably never will.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP