Hi Ron, thanks for your assistance, I did not get 2 logs for the last OTL scan
...
========== PROCESSES ==========
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:1.2 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}\defaults folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}\chrome folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e} folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1186195C-871D-4DBC-B408-E497AC107C46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1186195C-871D-4DBC-B408-E497AC107C46}\ deleted successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\Securityx86_x64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DirectxServiceVerifier deleted successfully.
C:\Documents and Settings\All Users\Application Data\DirectxServiceVerifier.dll moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ deleted successfully.
C:\Documents and Settings\Sean\Application Data\1045ae1d moved successfully.
C:\Documents and Settings\Sean\Application Data\6f45d6e7 moved successfully.
C:\Documents and Settings\Sean\Application Data\e73dd9e7 moved successfully.
C:\Documents and Settings\Sean\Application Data\07e02618 moved successfully.
File C:\Documents and Settings\All Users\Application Data\DirectxServiceVerifier.dll not found.
File C:\Documents and Settings\Sean\Local Settings\Application Data\Securityx86_x64.dll not found.
C:\Documents and Settings\Sean\Local Settings\Application Data\30k1s1eym7st251rc7a17a12r4m603p8w70hdk24 moved successfully.
C:\Documents and Settings\All Users\Application Data\30k1s1eym7st251rc7a17a12r4m603p8w70hdk24 moved successfully.
C:\Documents and Settings\All Users\Application Data\ypob.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\tdgi.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\rnpv.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\qxjy.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jcbk.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\drpi.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\dark.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\anxc.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\faxguc5a1nni8kug0tnr6c130c0r moved successfully.
C:\Documents and Settings\All Users\Application Data\faxguc5a1nni8kug0tnr6c130c0r moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\lvxy.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\hvjl.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\yygk.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\uveg.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\iljg.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\dxsy.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\bshb.exe moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Sean\Application Data\998E.DB5 moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\85162q1lkb3i21u00e8073gie15f2n8 moved successfully.
C:\Documents and Settings\All Users\Application Data\85162q1lkb3i21u00e8073gie15f2n8 moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu moved successfully.
C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\003uj2617w1gog47 moved successfully.
C:\Documents and Settings\All Users\Application Data\003uj2617w1gog47 moved successfully.
C:\Documents and Settings\Sean\Local Settings\Application Data\okegjy65jj25l0i2x moved successfully.
C:\Documents and Settings\All Users\Application Data\okegjy65jj25l0i2x moved successfully.
C:\Documents and Settings\Sean\Application Data\6419AE0D111AE5CC4DE18FA251D81C0E folder moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >0 File(s) copied
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >0 File(s) copied
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >0 File(s) copied
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >0 File(s) copied
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Sean\Local Settings\Application Data\*.exe not found.
< sc config itlperf start= disabled /c >[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
< sc config helpsvc start= disabled /c >[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
< sc config AVGIDSAgent start= disabled /c >[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Sean\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sean\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Perfermence\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\itlsvc deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnOnZoneCrossing deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnOnPostRedirect deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnonBadCertRecving deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnOnHTTPSToHTTPRedirect deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\WarnOnPost deleted successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"Flags"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1001"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1004"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1200"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1201"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1206"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1207"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1208"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1209"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"120A"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1400"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1402"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1405"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1406"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1407"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1408"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1601"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1604"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1605"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1606"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1607"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1608"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1609"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"160A"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1800"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1802"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1803"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1804"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1805"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1806"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1807"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1808"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1809"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"180A"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"180C"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"180D"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2301"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A00"|dword:00020000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A02"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A03"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A04"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A05"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A06"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1A10"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1C00"|dword:00010000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"1E05"|dword:00020000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2000"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2100"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2101"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2102"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2103"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2104"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2105"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2200"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2201"|dword:00000003 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2300"|dword:00000001 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2400"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2401"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2402"|dword:00000000 /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\\"2600"|dword:00000000 /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\DisableScriptDebuggerIE deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Error Dlg Displayed On Every Error deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Play_Animations deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Display Inline Videos deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.29.1 log created on 09242011_065911
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 9/24/2011 9:18:47 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.32% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 41.77 Gb Free Space | 56.07% Space Free | Partition Type: NTFS
Computer Name: SEAN-EQUE8PIN0G | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/23 17:17:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
PRC - [2011/09/07 14:34:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/13 15:11:42 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/05/23 21:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/05/23 21:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/05/23 21:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/07 14:33:58 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/19 09:25:53 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/06/11 20:33:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/07 06:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Disabled | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
========== Driver Services (SafeList) ==========
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2006/05/23 20:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/05/23 20:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/05/23 20:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/05/23 20:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/05/23 20:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/05/23 20:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/05/23 20:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 02:06:04 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/08/19 18:31:52 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/11 23:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 02:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 02:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/15 23:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...013&form=ZGAPHPIE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/09 05:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/09 05:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 14:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 12:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/09/08 10:08:15 | 000,000,000 | ---D | M]
[2011/01/18 18:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Extensions
[2011/09/24 06:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions
[2011/06/24 16:54:57 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]
[2011/02/14 21:56:55 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\searchplugins\bing-zugo.xml
[2011/09/24 06:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SEAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ROMZDJT7.DEFAULT\EXTENSIONS\{0CBDFB73-07E9-4CDB-8E40-9CD9742057BE}.XPI
[2011/01/23 21:28:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/07 14:34:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/10 21:07:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/24 08:38:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7158378C-A624-4611-95AF-F76342174A4D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/18 17:49:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/24 09:08:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
[2011/09/24 09:01:12 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sean\Desktop\tdsskiller.exe
[2011/09/24 08:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Desktop\iphone backups
[2011/09/24 08:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Desktop\CED
[2011/09/24 08:51:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/24 08:28:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/24 08:24:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/24 08:24:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/24 08:24:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/24 08:24:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/24 08:24:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/24 08:19:40 | 004,226,543 | R--- | C] (Swearware) -- C:\Documents and Settings\Sean\Desktop\ComboFix.exe
[2011/09/24 07:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/24 07:30:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/24 07:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/24 06:59:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/23 17:17:12 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2011/09/09 19:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/09 06:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/09/08 10:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\ESET
[2011/09/08 10:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/09/08 10:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/08 10:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/09/05 05:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 05:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/03 20:25:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sean\Start Menu\Programs\Administrative Tools
[2011/09/03 11:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/03 11:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/09/03 11:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\PackageAware
[2011/09/03 03:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 21:51:50 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/08/31 21:51:50 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/08/29 21:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/29 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/29 20:25:58 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2011/01/29 20:25:58 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2011/01/29 20:25:58 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2011/01/29 20:25:58 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2011/01/29 20:25:58 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2011/01/29 20:25:57 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[2011/01/29 20:25:57 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2011/01/29 20:25:57 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcoms.exe
[2011/01/29 20:25:57 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2011/01/29 20:25:57 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2011/01/29 20:25:57 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfih.exe
[2011/01/29 20:25:57 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcfg.exe
[2011/01/18 18:24:42 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/05/23 20:33:22 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
========== Files - Modified Within 30 Days ==========
[2011/09/24 09:15:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
[2011/09/24 09:08:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
[2011/09/24 09:04:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/24 09:04:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/24 09:03:26 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000008-00001102-00000005-00311102}.rfx
[2011/09/24 09:03:26 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000008-00001102-00000005-00311102}.rfx
[2011/09/24 09:03:26 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000008-00001102-00000005-00311102}.rfx
[2011/09/24 09:03:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/24 09:03:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/24 09:01:17 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sean\Desktop\tdsskiller.exe
[2011/09/24 08:58:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/24 08:38:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/24 08:28:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/24 08:20:13 | 004,226,543 | R--- | M] (Swearware) -- C:\Documents and Settings\Sean\Desktop\ComboFix.exe
[2011/09/24 07:30:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/23 17:17:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2011/09/13 20:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/13 18:39:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/10 06:09:14 | 000,000,272 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/03 20:39:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/03 14:27:16 | 000,000,512 | ---- | M] () -- C:\MBR_2011-09-03.bin
[2011/08/31 21:52:21 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/31 21:52:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/31 21:52:20 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/29 21:02:19 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/09/24 09:15:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
[2011/09/24 08:44:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/24 08:28:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/24 08:28:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/24 08:24:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/24 08:24:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/24 08:24:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/24 08:24:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/24 08:24:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/24 07:30:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/10 06:02:38 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/09/04 06:09:49 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d3d9caps.dat
[2011/09/03 14:27:16 | 000,000,512 | ---- | C] () -- C:\MBR_2011-09-03.bin
[2011/08/29 21:02:19 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/19 03:38:52 | 000,018,632 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/01 17:04:45 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/01/29 20:25:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2011/01/29 20:25:57 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2011/01/29 20:25:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2011/01/29 20:25:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2011/01/29 20:25:56 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2011/01/29 20:25:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2011/01/29 20:25:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2011/01/29 20:25:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2011/01/29 20:25:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2011/01/29 20:25:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2011/01/19 10:31:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/19 10:04:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/19 10:04:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/19 10:04:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/19 00:38:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2011/01/18 18:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/18 18:25:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/18 18:24:42 | 000,323,640 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/01/18 18:24:42 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/01/18 18:24:42 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/01/18 18:24:42 | 000,044,567 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/01/18 18:24:14 | 000,086,445 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/18 18:24:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2011/01/18 18:24:14 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/18 18:02:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/18 18:02:07 | 000,001,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2011/01/18 18:01:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011/01/18 18:01:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/01/18 17:50:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/18 17:47:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/18 09:40:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/18 09:39:13 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 21:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/23 22:00:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 21:20:42 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/05/23 20:37:56 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/05/23 20:37:12 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/05/23 20:34:34 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/05/23 20:34:14 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/05/23 20:34:13 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/05/23 20:33:29 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2005/07/26 22:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 06:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2002/08/29 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 05:00:00 | 000,341,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 05:00:00 | 000,052,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/01/18 17:49:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/07 22:05:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/24 08:28:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/24 08:47:48 | 000,016,871 | ---- | M] () -- C:\ComboFix.txt
[2011/01/18 17:49:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/09/24 09:03:06 | 000,020,416 | ---- | M] () -- C:\dlcf.log
[2011/01/18 17:49:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/09/03 14:27:16 | 000,000,512 | ---- | M] () -- C:\MBR_2011-09-03.bin
[2011/01/18 17:49:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/19 10:59:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/19 13:58:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/24 09:04:08 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2011/01/18 17:48:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/11/23 12:37:44 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2011/01/18 09:38:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/01/18 09:38:16 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/01/18 09:38:16 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/01/19 14:01:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-07 21:36:22
< End of report >

OTL Extras logfile created on: 9/24/2011 9:18:47 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.32% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 41.77 Gb Free Space | 56.07% Space Free | Partition Type: NTFS
Computer Name: SEAN-EQUE8PIN0G | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Sean\Desktop\utorrent.exe" = C:\Documents and Settings\Sean\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.2
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dell Color Printer 725" = Dell Color Printer 725
"DivX Setup.divx.com" = DivX Setup
"Free RAR Extract Frog" = Free RAR Extract Frog
"ie8" = Windows Internet Explorer 8
"Intelli-studio" = SAMSUNG Intelli-studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SysInfo" = Creative System Information
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/19/2011 12:06:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 10.4.0.80, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 8/19/2011 12:06:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 12:06:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 12:06:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 12:06:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 12:06:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 7:48:49 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 7:48:49 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 7:48:49 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 8/19/2011 7:48:49 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
[ System Events ]
Error - 9/24/2011 11:36:58 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7000
Description = The dlcf_device service failed to start due to the following error:
%%1053
Error - 9/24/2011 11:37:05 AM | Computer Name = SEAN-EQUE8PIN0G | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 9/24/2011 11:38:43 AM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 9/24/2011 12:02:56 PM | Computer Name = SEAN-EQUE8PIN0G | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 9/24/2011 12:02:56 PM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
connect.
Error - 9/24/2011 12:02:56 PM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7000
Description = The dlcf_device service failed to start due to the following error:
%%1053
Error - 9/24/2011 12:03:06 PM | Computer Name = SEAN-EQUE8PIN0G | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 9/24/2011 12:03:06 PM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
connect.
Error - 9/24/2011 12:03:06 PM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7000
Description = The dlcf_device service failed to start due to the following error:
%%1053
Error - 9/24/2011 12:04:25 PM | Computer Name = SEAN-EQUE8PIN0G | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
< End of report >
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7789
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/24/2011 7:45:08 AM
mbam-log-2011-09-24 (07-45-08).txt
Scan type: Quick scan
Objects scanned: 197022
Time elapsed: 7 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Sean\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.
ComboFix 11-09-24.01 - Sean 09/24/2011 8:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1277 [GMT -7:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3uegn181.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3uegn181.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3uegn181.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3uegn181.default\extensions\{b93ad58f-cbad-42f6-bf92-df0b31e7a64e}\install.rdf
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Sean\Application Data\Adobe\plugs
c:\documents and settings\Sean\Application Data\Adobe\shed
c:\documents and settings\Sean\Application Data\Local
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\(2).ddr
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\.ddr
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\3.ddi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\4.ddi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi(2).ddp
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi.ddp
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\x8dkl5we35l9u.avi
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\video.avi(2).ddr
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\video.avi.ddr
c:\documents and settings\Sean\Application Data\Local\Temp\DDM\Settings\x8dkl5we35l9u.avi.ddr
c:\program files\driver
c:\program files\messenger\msmsgsin.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\d3d9caps.dat
c:\windows\tsoc.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))
.
.
2011-09-24 14:30 . 2011-09-24 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-24 14:30 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-24 13:59 . 2011-09-24 13:59 -------- d-----w- C:\_OTL
2011-09-09 13:38 . 2011-09-09 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-09-08 17:21 . 2011-09-08 17:21 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\ESET
2011-09-08 17:08 . 2011-09-08 17:08 -------- d-----w- c:\program files\ESET
2011-09-08 17:08 . 2011-09-08 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-09-03 21:27 . 2011-09-03 21:27 512 ----a-w- C:\MBR_2011-09-03.bin
2011-09-03 19:52 . 2011-09-03 19:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2011-09-03 19:51 . 2011-09-03 19:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-09-03 18:15 . 2011-09-03 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-03 18:09 . 2011-09-03 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-09-03 18:03 . 2011-09-03 18:03 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\PackageAware
2011-09-03 10:17 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-01 04:51 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-09-01 04:51 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-30 04:01 . 2011-08-30 04:01 -------- d-----w- c:\program files\iPod
2011-08-27 17:15 . 2011-08-27 17:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-04 03:39 . 2011-07-21 17:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:49 . 2011-04-08 05:15 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-04-08 05:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-04-08 05:15 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-04-08 05:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2011-04-08 05:15 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-04-08 05:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-01-19 17:04 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-01-19 17:04 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-01-19 17:04 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-01-19 17:04 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-01-19 17:04 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-01-19 17:04 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2011-01-19 17:04 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-01-19 17:04 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-01-19 17:04 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-07-15 13:29 . 2002-08-29 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2002-08-29 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-07 21:34 . 2011-05-11 04:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-18 90112]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sean^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Sean\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 08:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-06-16 04:32 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Sean\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/18/2011 5:54 PM 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/6/2011 9:38 AM 2255464]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Sean\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Sean\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z013&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-24 08:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,a6,7a,27,ac,a8,e5,4e,a2,fa,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,a6,7a,27,ac,a8,e5,4e,a2,fa,23,\
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2011-09-24 08:47:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-24 15:47
.
Pre-Run: 44,718,850,048 bytes free
Post-Run: 44,931,170,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3A12539C876E1ABFF0AD2858703098D7

09:02:05.0718 2316 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
09:02:06.0218 2316 ============================================================
09:02:06.0218 2316 Current date / time: 2011/09/24 09:02:06.0218
09:02:06.0218 2316 SystemInfo:
09:02:06.0218 2316
09:02:06.0218 2316 OS Version: 5.1.2600 ServicePack: 3.0
09:02:06.0218 2316 Product type: Workstation
09:02:06.0218 2316 ComputerName: SEAN-EQUE8PIN0G
09:02:06.0218 2316 UserName: Sean
09:02:06.0218 2316 Windows directory: C:\WINDOWS
09:02:06.0218 2316 System windows directory: C:\WINDOWS
09:02:06.0218 2316 Processor architecture: Intel x86
09:02:06.0218 2316 Number of processors: 1
09:02:06.0218 2316 Page size: 0x1000
09:02:06.0218 2316 Boot type: Normal boot
09:02:06.0218 2316 ============================================================
09:02:06.0484 2316 Initialize success
09:02:13.0859 2828 ============================================================
09:02:13.0859 2828 Scan started
09:02:13.0859 2828 Mode: Manual;
09:02:13.0859 2828 ============================================================
09:02:14.0078 2828 Abiosdsk - ok
09:02:14.0093 2828 abp480n5 - ok
09:02:14.0171 2828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:02:14.0171 2828 ACPI - ok
09:02:14.0250 2828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:02:14.0250 2828 ACPIEC - ok
09:02:14.0265 2828 adpu160m - ok
09:02:14.0312 2828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:02:14.0328 2828 aec - ok
09:02:14.0390 2828 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:02:14.0390 2828 AegisP - ok
09:02:14.0468 2828 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
09:02:14.0468 2828 AFD - ok
09:02:14.0484 2828 Aha154x - ok
09:02:14.0484 2828 aic78u2 - ok
09:02:14.0500 2828 aic78xx - ok
09:02:14.0703 2828 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:02:14.0875 2828 ALCXWDM - ok
09:02:14.0890 2828 AliIde - ok
09:02:14.0890 2828 amsint - ok
09:02:14.0921 2828 asc - ok
09:02:14.0921 2828 asc3350p - ok
09:02:14.0937 2828 asc3550 - ok
09:02:15.0000 2828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:02:15.0000 2828 AsyncMac - ok
09:02:15.0078 2828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:02:15.0078 2828 atapi - ok
09:02:15.0093 2828 Atdisk - ok
09:02:15.0109 2828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:02:15.0109 2828 Atmarpc - ok
09:02:15.0171 2828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:02:15.0171 2828 audstub - ok
09:02:15.0265 2828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:02:15.0265 2828 Beep - ok
09:02:15.0328 2828 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\System32\drivers\BIOS.sys
09:02:15.0328 2828 BIOS - ok
09:02:15.0343 2828 catchme - ok
09:02:15.0375 2828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:02:15.0375 2828 cbidf2k - ok
09:02:15.0390 2828 cd20xrnt - ok
09:02:15.0453 2828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:02:15.0453 2828 Cdaudio - ok
09:02:15.0500 2828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:02:15.0500 2828 Cdfs - ok
09:02:15.0546 2828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:02:15.0546 2828 Cdrom - ok
09:02:15.0562 2828 Changer - ok
09:02:15.0578 2828 CmdIde - ok
09:02:15.0593 2828 Cpqarray - ok
09:02:15.0750 2828 cpuz134 - ok
09:02:15.0828 2828 ctac32k (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys
09:02:15.0828 2828 ctac32k - ok
09:02:15.0921 2828 ctaud2k (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys
09:02:15.0953 2828 ctaud2k - ok
09:02:16.0031 2828 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
09:02:16.0031 2828 ctdvda2k - ok
09:02:16.0062 2828 ctprxy2k (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
09:02:16.0062 2828 ctprxy2k - ok
09:02:16.0093 2828 ctsfm2k (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
09:02:16.0093 2828 ctsfm2k - ok
09:02:16.0109 2828 dac2w2k - ok
09:02:16.0125 2828 dac960nt - ok
09:02:16.0187 2828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:02:16.0187 2828 Disk - ok
09:02:16.0265 2828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:02:16.0296 2828 dmboot - ok
09:02:16.0312 2828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:02:16.0312 2828 dmio - ok
09:02:16.0343 2828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:02:16.0343 2828 dmload - ok
09:02:16.0421 2828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:02:16.0421 2828 DMusic - ok
09:02:16.0453 2828 dpti2o - ok
09:02:16.0515 2828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:02:16.0515 2828 drmkaud - ok
09:02:16.0593 2828 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
09:02:16.0593 2828 eamon - ok
09:02:16.0671 2828 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
09:02:16.0671 2828 ehdrv - ok
09:02:16.0765 2828 emupia (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys
09:02:16.0765 2828 emupia - ok
09:02:16.0781 2828 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
09:02:16.0781 2828 epfwtdir - ok
09:02:16.0875 2828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:02:16.0875 2828 Fastfat - ok
09:02:16.0937 2828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:02:16.0937 2828 Fdc - ok
09:02:16.0953 2828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:02:16.0953 2828 Fips - ok
09:02:16.0968 2828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:02:16.0968 2828 Flpydisk - ok
09:02:17.0015 2828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:02:17.0015 2828 FltMgr - ok
09:02:17.0031 2828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:02:17.0031 2828 Fs_Rec - ok
09:02:17.0046 2828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:02:17.0046 2828 Ftdisk - ok
09:02:17.0093 2828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:02:17.0093 2828 GEARAspiWDM - ok
09:02:17.0171 2828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:02:17.0171 2828 Gpc - ok
09:02:17.0281 2828 ha20x2k (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys
09:02:17.0281 2828 ha20x2k - ok
09:02:17.0453 2828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:02:17.0453 2828 hidusb - ok
09:02:17.0468 2828 hpn - ok
09:02:17.0546 2828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:02:17.0546 2828 HTTP - ok
09:02:17.0562 2828 i2omgmt - ok
09:02:17.0562 2828 i2omp - ok
09:02:17.0625 2828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:02:17.0625 2828 i8042prt - ok
09:02:17.0703 2828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:02:17.0703 2828 Imapi - ok
09:02:17.0718 2828 ini910u - ok
09:02:17.0734 2828 IntelIde - ok
09:02:17.0781 2828 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:02:17.0796 2828 ip6fw - ok
09:02:17.0859 2828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:02:17.0859 2828 IpFilterDriver - ok
09:02:17.0875 2828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:02:17.0875 2828 IpInIp - ok
09:02:17.0921 2828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:02:17.0937 2828 IpNat - ok
09:02:17.0953 2828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:02:17.0953 2828 IPSec - ok
09:02:18.0000 2828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:02:18.0000 2828 IRENUM - ok
09:02:18.0062 2828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:02:18.0062 2828 isapnp - ok
09:02:18.0109 2828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:02:18.0109 2828 Kbdclass - ok
09:02:18.0125 2828 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:02:18.0125 2828 kbdhid - ok
09:02:18.0171 2828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:02:18.0171 2828 kmixer - ok
09:02:18.0218 2828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:02:18.0218 2828 KSecDD - ok
09:02:18.0234 2828 lbrtfdc - ok
09:02:18.0265 2828 MBAMSwissArmy - ok
09:02:18.0296 2828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:02:18.0312 2828 mnmdd - ok
09:02:18.0421 2828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:02:18.0421 2828 Modem - ok
09:02:18.0421 2828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:02:18.0437 2828 Mouclass - ok
09:02:18.0468 2828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:02:18.0468 2828 mouhid - ok
09:02:18.0484 2828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:02:18.0484 2828 MountMgr - ok
09:02:18.0500 2828 mraid35x - ok
09:02:18.0546 2828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:02:18.0546 2828 MRxDAV - ok
09:02:18.0656 2828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:02:18.0671 2828 MRxSmb - ok
09:02:18.0734 2828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:02:18.0734 2828 Msfs - ok
09:02:18.0765 2828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:02:18.0781 2828 MSKSSRV - ok
09:02:18.0875 2828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:02:18.0875 2828 MSPCLOCK - ok
09:02:18.0906 2828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:02:18.0921 2828 MSPQM - ok
09:02:18.0968 2828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:02:18.0968 2828 mssmbios - ok
09:02:19.0000 2828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:02:19.0015 2828 Mup - ok
09:02:19.0109 2828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:02:19.0109 2828 NDIS - ok
09:02:19.0187 2828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:02:19.0187 2828 NdisTapi - ok
09:02:19.0250 2828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:02:19.0250 2828 Ndisuio - ok
09:02:19.0312 2828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:02:19.0312 2828 NdisWan - ok
09:02:19.0343 2828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:02:19.0343 2828 NDProxy - ok
09:02:19.0390 2828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:02:19.0390 2828 NetBIOS - ok
09:02:19.0453 2828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:02:19.0453 2828 NetBT - ok
09:02:19.0562 2828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:02:19.0562 2828 Npfs - ok
09:02:19.0640 2828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:02:19.0640 2828 Ntfs - ok
09:02:19.0671 2828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:02:19.0671 2828 Null - ok
09:02:20.0203 2828 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:02:20.0687 2828 nv - ok
09:02:20.0781 2828 nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
09:02:20.0781 2828 nvata - ok
09:02:20.0812 2828 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:02:20.0812 2828 NVENETFD - ok
09:02:20.0890 2828 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:02:20.0890 2828 nvnetbus - ok
09:02:20.0953 2828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:02:20.0953 2828 NwlnkFlt - ok
09:02:21.0000 2828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:02:21.0000 2828 NwlnkFwd - ok
09:02:21.0062 2828 ossrv (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys
09:02:21.0062 2828 ossrv - ok
09:02:21.0140 2828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:02:21.0140 2828 Parport - ok
09:02:21.0156 2828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:02:21.0156 2828 PartMgr - ok
09:02:21.0218 2828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:02:21.0218 2828 ParVdm - ok
09:02:21.0312 2828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:02:21.0312 2828 PCI - ok
09:02:21.0328 2828 PCIDump - ok
09:02:21.0359 2828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:02:21.0359 2828 PCIIde - ok
09:02:21.0406 2828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:02:21.0406 2828 Pcmcia - ok
09:02:21.0484 2828 PDCOMP - ok
09:02:21.0484 2828 PDFRAME - ok
09:02:21.0500 2828 PDRELI - ok
09:02:21.0515 2828 PDRFRAME - ok
09:02:21.0531 2828 perc2 - ok
09:02:21.0546 2828 perc2hib - ok
09:02:21.0625 2828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:02:21.0625 2828 PptpMiniport - ok
09:02:21.0656 2828 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:02:21.0656 2828 Processor - ok
09:02:21.0671 2828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:02:21.0671 2828 PSched - ok
09:02:21.0703 2828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:02:21.0703 2828 Ptilink - ok
09:02:21.0734 2828 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:02:21.0734 2828 PxHelp20 - ok
09:02:21.0750 2828 ql1080 - ok
09:02:21.0765 2828 Ql10wnt - ok
09:02:21.0765 2828 ql12160 - ok
09:02:21.0781 2828 ql1240 - ok
09:02:21.0796 2828 ql1280 - ok
09:02:21.0828 2828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:02:21.0828 2828 RasAcd - ok
09:02:21.0859 2828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:02:21.0859 2828 Rasl2tp - ok
09:02:21.0890 2828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:02:21.0890 2828 RasPppoe - ok
09:02:21.0890 2828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:02:21.0890 2828 Raspti - ok
09:02:21.0921 2828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:02:21.0921 2828 Rdbss - ok
09:02:21.0937 2828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:02:21.0968 2828 RDPCDD - ok
09:02:22.0015 2828 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:02:22.0015 2828 RDPWD - ok
09:02:22.0062 2828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:02:22.0062 2828 redbook - ok
09:02:22.0140 2828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:02:22.0140 2828 Secdrv - ok
09:02:22.0187 2828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:02:22.0187 2828 serenum - ok
09:02:22.0203 2828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:02:22.0203 2828 Serial - ok
09:02:22.0234 2828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:02:22.0234 2828 Sfloppy - ok
09:02:22.0265 2828 Simbad - ok
09:02:22.0265 2828 Sparrow - ok
09:02:22.0328 2828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:02:22.0328 2828 splitter - ok
09:02:22.0453 2828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:02:22.0453 2828 sr - ok
09:02:22.0609 2828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:02:22.0609 2828 Srv - ok
09:02:22.0687 2828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:02:22.0687 2828 swenum - ok
09:02:22.0765 2828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:02:22.0765 2828 swmidi - ok
09:02:22.0781 2828 symc810 - ok
09:02:22.0796 2828 symc8xx - ok
09:02:22.0812 2828 sym_hi - ok
09:02:22.0812 2828 sym_u3 - ok
09:02:22.0890 2828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:02:22.0890 2828 sysaudio - ok
09:02:22.0968 2828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:02:22.0968 2828 Tcpip - ok
09:02:23.0031 2828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:02:23.0046 2828 TDPIPE - ok
09:02:23.0062 2828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:02:23.0062 2828 TDTCP - ok
09:02:23.0125 2828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:02:23.0125 2828 TermDD - ok
09:02:23.0187 2828 TosIde - ok
09:02:23.0234 2828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:02:23.0234 2828 Udfs - ok
09:02:23.0250 2828 ultra - ok
09:02:23.0312 2828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:02:23.0312 2828 Update - ok
09:02:23.0390 2828 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:02:23.0390 2828 USBAAPL - ok
09:02:23.0453 2828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:02:23.0453 2828 usbccgp - ok
09:02:23.0531 2828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:02:23.0531 2828 usbehci - ok
09:02:23.0546 2828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:02:23.0546 2828 usbhub - ok
09:02:23.0578 2828 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:02:23.0578 2828 usbohci - ok
09:02:23.0625 2828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:02:23.0625 2828 usbprint - ok
09:02:23.0640 2828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:02:23.0656 2828 usbscan - ok
09:02:23.0671 2828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:02:23.0671 2828 USBSTOR - ok
09:02:23.0718 2828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:02:23.0718 2828 VgaSave - ok
09:02:23.0718 2828 ViaIde - ok
09:02:23.0734 2828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:02:23.0734 2828 VolSnap - ok
09:02:23.0765 2828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:02:23.0765 2828 Wanarp - ok
09:02:23.0843 2828 WDICA - ok
09:02:23.0921 2828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:02:23.0921 2828 wdmaud - ok
09:02:24.0000 2828 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:02:24.0000 2828 WpdUsb - ok
09:02:24.0093 2828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:02:24.0093 2828 WudfPf - ok
09:02:24.0140 2828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:02:24.0140 2828 WudfRd - ok
09:02:24.0171 2828 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
09:02:24.0171 2828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
09:02:24.0171 2828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
09:02:24.0187 2828 Boot (0x1200) (d9008968436a575358ef331f924cf2e3) \Device\Harddisk0\DR0\Partition0
09:02:24.0187 2828 \Device\Harddisk0\DR0\Partition0 - ok
09:02:24.0187 2828 ============================================================
09:02:24.0187 2828 Scan finished
09:02:24.0187 2828 ============================================================
09:02:24.0187 0568 Detected object count: 1
09:02:24.0187 0568 Actual detected object count: 1
09:02:51.0578 0568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
09:02:51.0578 0568 \Device\Harddisk0\DR0 - ok
09:02:51.0578 0568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
09:02:55.0796 2300 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-24 09:09:05
-----------------------------
09:09:05.578 OS Version: Windows 5.1.2600 Service Pack 3
09:09:05.578 Number of processors: 1 586 0x2F02
09:09:05.578 ComputerName: SEAN-EQUE8PIN0G UserName: Sean
09:09:05.828 Initialize success
09:11:51.890 AVAST engine defs: 11092400
09:12:44.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
09:12:44.968 Disk 0 Vendor: WDC_WD800JD-75MSA2 10.01E03 Size: 76293MB BusType: 3
09:12:45.000 Disk 0 MBR read successfully
09:12:45.000 Disk 0 MBR scan
09:12:45.031 Disk 0 Windows XP default MBR code
09:12:45.031 Disk 0 scanning sectors +156232125
09:12:45.109 Disk 0 scanning C:\WINDOWS\system32\drivers
09:12:59.843 Service scanning
09:13:00.875 Modules scanning
09:13:05.937 Scan finished successfully
09:15:47.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean\Desktop\MBR.dat"
09:15:47.546 The log file has been saved successfully to "C:\Documents and Settings\Sean\Desktop\aswMBR.txt"

OTL logfile created on: 9/24/2011 9:18:47 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Sean\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.32% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 41.77 Gb Free Space | 56.07% Space Free | Partition Type: NTFS
Computer Name: SEAN-EQUE8PIN0G | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/23 17:17:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
PRC - [2011/09/07 14:34:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/13 15:11:42 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/05/23 21:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/05/23 21:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/05/23 21:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/07 14:33:58 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/19 09:25:53 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/06/11 20:33:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/07 06:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Disabled | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
========== Driver Services (SafeList) ==========
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2006/05/23 20:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/05/23 20:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/05/23 20:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/05/23 20:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/05/23 20:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/05/23 20:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/05/23 20:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 02:06:04 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/08/19 18:31:52 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/11 23:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 02:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 02:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/15 23:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...013&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/09 05:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/09 05:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 14:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 12:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/09/08 10:08:15 | 000,000,000 | ---D | M]
[2011/01/18 18:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Extensions
[2011/09/24 06:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions
[2011/06/24 16:54:57 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\extensions\[email protected]
[2011/02/14 21:56:55 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\romzdjt7.default\searchplugins\bing-zugo.xml
[2011/09/24 06:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SEAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ROMZDJT7.DEFAULT\EXTENSIONS\{0CBDFB73-07E9-4CDB-8E40-9CD9742057BE}.XPI
[2011/01/23 21:28:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/07 14:34:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/10 21:07:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/24 08:38:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7158378C-A624-4611-95AF-F76342174A4D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/18 17:49:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/24 09:08:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
[2011/09/24 09:01:12 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sean\Desktop\tdsskiller.exe
[2011/09/24 08:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Desktop\iphone backups
[2011/09/24 08:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Desktop\CED
[2011/09/24 08:51:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/24 08:28:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/24 08:24:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/24 08:24:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/24 08:24:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/24 08:24:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/24 08:24:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/24 08:19:40 | 004,226,543 | R--- | C] (Swearware) -- C:\Documents and Settings\Sean\Desktop\ComboFix.exe
[2011/09/24 07:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/24 07:30:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/24 07:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/24 06:59:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/23 17:17:12 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2011/09/09 19:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/09 06:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/09/08 10:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\ESET
[2011/09/08 10:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/09/08 10:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/08 10:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/09/05 05:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 05:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/03 20:25:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sean\Start Menu\Programs\Administrative Tools
[2011/09/03 11:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/03 11:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/09/03 11:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\PackageAware
[2011/09/03 03:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 21:51:50 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/08/31 21:51:50 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/08/29 21:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/29 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/29 20:25:58 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2011/01/29 20:25:58 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2011/01/29 20:25:58 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2011/01/29 20:25:58 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2011/01/29 20:25:58 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2011/01/29 20:25:57 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[2011/01/29 20:25:57 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2011/01/29 20:25:57 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcoms.exe
[2011/01/29 20:25:57 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2011/01/29 20:25:57 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2011/01/29 20:25:57 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfih.exe
[2011/01/29 20:25:57 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcfg.exe
[2011/01/18 18:24:42 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/05/23 20:33:22 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
========== Files - Modified Within 30 Days ==========
[2011/09/24 09:15:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
[2011/09/24 09:08:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sean\Desktop\aswMBR.exe
[2011/09/24 09:04:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/24 09:04:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/24 09:03:26 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000008-00001102-00000005-00311102}.rfx
[2011/09/24 09:03:26 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000008-00001102-00000005-00311102}.rfx
[2011/09/24 09:03:26 | 000,054,164 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000008-00001102-00000005-00311102}.rfx
[2011/09/24 09:03:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/24 09:03:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/24 09:01:17 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sean\Desktop\tdsskiller.exe
[2011/09/24 08:58:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/24 08:38:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/24 08:28:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/24 08:20:13 | 004,226,543 | R--- | M] (Swearware) -- C:\Documents and Settings\Sean\Desktop\ComboFix.exe
[2011/09/24 07:30:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/23 17:17:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean\Desktop\OTL.exe
[2011/09/13 20:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/13 18:39:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/10 06:09:14 | 000,000,272 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/03 20:39:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/03 14:27:16 | 000,000,512 | ---- | M] () -- C:\MBR_2011-09-03.bin
[2011/08/31 21:52:21 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/31 21:52:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/31 21:52:20 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/29 21:02:19 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/09/24 09:15:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\MBR.dat
[2011/09/24 08:44:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/24 08:28:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/24 08:28:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/24 08:24:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/24 08:24:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/24 08:24:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/24 08:24:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/24 08:24:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/24 07:30:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/10 06:02:38 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/09/04 06:09:49 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d3d9caps.dat
[2011/09/03 14:27:16 | 000,000,512 | ---- | C] () -- C:\MBR_2011-09-03.bin
[2011/08/29 21:02:19 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/19 03:38:52 | 000,018,632 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/01 17:04:45 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/01/29 20:25:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2011/01/29 20:25:57 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2011/01/29 20:25:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2011/01/29 20:25:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2011/01/29 20:25:56 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2011/01/29 20:25:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2011/01/29 20:25:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2011/01/29 20:25:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2011/01/29 20:25:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2011/01/29 20:25:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2011/01/19 10:31:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/19 10:04:16 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/19 10:04:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/19 10:04:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/19 00:38:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2011/01/18 18:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/18 18:25:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/18 18:24:42 | 000,323,640 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/01/18 18:24:42 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/01/18 18:24:42 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/01/18 18:24:42 | 000,044,567 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2011/01/18 18:24:14 | 000,086,445 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/18 18:24:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2011/01/18 18:24:14 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/18 18:02:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/18 18:02:07 | 000,001,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2011/01/18 18:01:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011/01/18 18:01:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/01/18 17:50:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/18 17:47:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/18 09:40:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/18 09:39:13 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 21:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/23 22:00:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 21:20:42 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/05/23 20:37:56 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/05/23 20:37:12 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/05/23 20:34:34 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/05/23 20:34:14 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/05/23 20:34:13 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/05/23 20:33:29 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2005/07/26 22:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 06:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2002/08/29 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 05:00:00 | 000,341,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 05:00:00 | 000,052,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/01/18 17:49:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/07 22:05:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/24 08:28:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/24 08:47:48 | 000,016,871 | ---- | M] () -- C:\ComboFix.txt
[2011/01/18 17:49:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/09/24 09:03:06 | 000,020,416 | ---- | M] () -- C:\dlcf.log
[2011/01/18 17:49:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/09/03 14:27:16 | 000,000,512 | ---- | M] () -- C:\MBR_2011-09-03.bin
[2011/01/18 17:49:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/19 10:59:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/19 13:58:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/24 09:04:08 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2011/01/18 17:48:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/11/23 12:37:44 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2011/01/18 09:38:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/01/18 09:38:16 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/01/18 09:38:16 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/01/19 14:01:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-07 21:36:22
< End of report >