Swellsearchsystem hijack & AV software disabled.

#1
amberleaf
  • Member
  • 14 posts
Hi there

My browser is intermittently redirecting to a phishing eBay website - it comes up as "Swellsearchsystem". I can't run any Avast scans...

Here is my OTL log & many thanks in advance for help!

---------------------------------------------------------------------------

OTL logfile created on: 18/10/2011 11:04:18 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.43% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 86.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 30.28 Gb Free Space | 39.49% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.78 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ORGANIZA-49CABA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 11:03:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/08 17:04:02 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/09/26 06:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 12:26:44 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/16 12:25:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/16 12:24:28 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/16 12:12:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/16 12:12:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/16 12:11:48 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/16 12:09:53 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/16 12:09:33 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/16 00:39:10 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/07/08 17:04:02 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
MOD - [2011/04/19 21:56:56 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/08 16:15:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/20 03:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2007/07/27 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdVantage] C:\Documents and Settings\Admin\Application Data\advantage\AdVantage.exe ()
O4 - HKCU..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD9530E-F597-4DD4-9B50-E7F7B95E7D81}: NameServer = 145.253.2.11,194.168.4.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ADB3A2D-30BE-4420-B9AE-E0C3ABDF3DF9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7\X) -C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7\X ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/07 13:27:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/21 15:11:43 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{8081af08-9100-11e0-887f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8081af08-9100-11e0-887f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8081af08-9100-11e0-887f-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/08/21 15:12:02 | 000,609,064 | R--- | M] (Volition Inc. )
O33 - MountPoints2\{d1de1352-d965-11e0-b1ea-00016c0401f0}\Shell - "" = AutoRun
O33 - MountPoints2\{d1de1352-d965-11e0-b1ea-00016c0401f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1de1352-d965-11e0-b1ea-00016c0401f0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1de1356-d965-11e0-b1ea-00016c0401f0}\Shell - "" = AutoRun
O33 - MountPoints2\{d1de1356-d965-11e0-b1ea-00016c0401f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1de1356-d965-11e0-b1ea-00016c0401f0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/18 11:03:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/18 10:58:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/10/18 10:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\THQ
[2011/10/18 10:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011/10/18 10:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/10/18 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/10/18 10:40:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/18 10:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/10/18 10:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Volition Inc
[2011/10/18 10:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Volition Inc
[2011/10/18 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/18 10:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\advantage
[2011/10/18 09:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/18 09:44:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7
[2011/09/27 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\uPlayer
[2011/09/27 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\uPlayer
[2011/09/27 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2011/09/27 21:04:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2011/09/22 21:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Skype
[2011/09/22 21:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/09/22 21:37:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/09/22 21:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/09/22 21:34:42 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/18 11:03:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/18 10:03:34 | 001,264,572 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Red_Faction_Guerrilla_keygen.exe
[2011/10/18 09:47:25 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/18 09:44:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3085090022
[2011/10/17 08:02:16 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/17 08:01:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/17 00:20:48 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/17 00:20:48 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/17 00:20:48 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/17 00:20:48 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/17 00:20:48 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/16 19:23:36 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\World of Warcraft.lnk
[2011/10/16 12:08:34 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/16 00:39:37 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 00:39:37 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/27 21:12:07 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\uPlayer.lnk
[2011/09/22 21:37:36 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/22 21:35:25 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
[2011/09/19 00:27:15 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/18 10:03:26 | 001,264,572 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Red_Faction_Guerrilla_keygen.exe
[2011/10/18 09:47:25 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/18 09:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3085090022
[2011/09/27 21:12:07 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\uPlayer.lnk
[2011/09/22 21:37:36 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/15 16:52:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2011/09/07 16:27:42 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2011/09/07 16:27:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/09/03 11:37:17 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 17:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2011/08/06 20:48:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/08 14:59:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/06/08 14:59:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/06/08 14:59:46 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/08 14:59:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/07 14:54:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 13:33:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/07 13:32:42 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/07 12:55:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 12:49:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/02 23:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/05/02 23:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/05/02 21:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/05/02 21:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/05/02 21:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/18 22:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/03/18 22:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/03/18 22:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/03/18 22:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/03/18 22:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/03/18 22:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/03/18 22:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/03/03 12:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 12:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 12:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 12:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 12:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 12:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 12:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 12:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 12:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 12:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 12:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 12:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 12:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/22 20:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/22 20:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/18 20:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/08/11 22:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 22:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/05/20 13:04:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\spdifer_config.exe
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/27 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 13:00:00 | 000,433,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 13:00:00 | 000,067,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 05:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2011/10/18 10:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\advantage
[2011/09/07 16:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Birdstep Technology
[2011/07/08 17:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011/09/27 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uPlayer
[2011/06/08 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/07 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/08/09 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/06/07 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3085090022:423828808.exe

< End of report >

#2
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
This is the Zero Access Rootkit. Fairly new and still changing but sometimes we get lucky.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK




ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted.

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe (511KB) to your desktop.
Double-click the aswMBR.exe to run it.
Change the AV scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron

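As an added illustration, not code from this thread or from any of the tools Ron lists: a small Python checker that reads OTL/ComboFix-style log lines and flags the ZeroAccess artifact shapes this thread's logs show (an executable in an alternate data stream of an entry under C:\WINDOWS, an all-digit folder there, a $NtUninstallKB...$ tree holding @/L/U entries, and a hidden 8-hex-character Application Data folder). The sample lines are copied from the logs in the thread, the spuninst line is a constructed benign example with a placeholder KB number, and the rule names are my own.

```python
import re

# Constructed sample input: artifact paths copied from the OTL and ComboFix
# logs posted in this thread, followed by two benign lines as negative cases
# (the ipsec.sys path is the legitimate driver ComboFix repaired; the
# spuninst line is a constructed genuine-looking hotfix backup with a
# placeholder KB number, not from the thread).
SAMPLE_LINES = [
    r"@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3085090022:423828808.exe",
    r"c:\windows\$NtUninstallKB64500$\3871138487\@",
    r"c:\windows\$NtUninstallKB64500$\3871138487\L\ueubxsqe",
    r"c:\windows\$NtUninstallKB64500$\3871138487\U\@80000000",
    r"c:\windows\3085090022",
    r"c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7",
    r"c:\windows\system32\drivers\ipsec.sys",
    r"c:\windows\$NtUninstallKB000000$\spuninst\spuninst.exe",
]

# Heuristic rules (name, compiled pattern, why it matters). The patterns are
# written from the artifact shapes visible in this thread's logs; they are
# triage hints for someone reading a log, not a vendor signature.
RULES = [
    (
        "ads_exe_on_windows_entry",
        re.compile(
            r"Alternate Data Stream\b.*->\s*"
            r"(?P<host>[a-z]:\\windows\\[^\\:]+):(?P<stream>[^\\\s]+\.exe)\s*$",
            re.I,
        ),
        "executable stored in an NTFS alternate data stream of an entry directly under \\WINDOWS",
    ),
    (
        "numeric_dir_under_windows",
        re.compile(r"^[a-z]:\\windows\\\d{6,}$", re.I),
        "all-digit folder directly under \\WINDOWS (the host of the stream above)",
    ),
    (
        "fake_hotfix_uninstall_tree",
        # A real $NtUninstallKBnnnnnn$ backup holds 'spuninst'; this shape has a
        # numeric subfolder with '@', 'L' and 'U' entries instead.
        re.compile(r"\\\$NtUninstallKB\d+\$\\\d+\\(?:@|[LU](?:\\|$))", re.I),
        "$NtUninstallKB...$ folder containing a numeric subfolder with @ / L / U entries",
    ),
    (
        "hidden_hex_appdata_dir",
        re.compile(r"\\Local Settings\\Application Data\\[0-9a-f]{8}$", re.I),
        "8-hex-character folder in Local Settings\\Application Data (same name as the Service_<hex> entry ComboFix removed)",
    ),
]


def scan_log_lines(lines):
    """Return one finding dict per (line, rule) match, in input order."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        text = line.strip()
        for name, pattern, why in RULES:
            if pattern.search(text):
                findings.append({"line": lineno, "rule": name, "text": text, "why": why})
    return findings


def summarize(findings):
    """Count hits per rule so a triage note can say which artifact families were seen."""
    counts = {}
    for finding in findings:
        counts[finding["rule"]] = counts.get(finding["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log_lines(SAMPLE_LINES)
    for hit in hits:
        print(f"line {hit['line']}: [{hit['rule']}] {hit['text']}\n    -> {hit['why']}")
    print("summary:", summarize(hits))
```
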
#3
amberleaf
    Member
  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Ron. Thank you for your help. I am now unable to open up explorer so I am posting from another PC. Here is the Combofix log as requested. I followed your instructions to disable Avast and whilst I was able to change the sandbox setting, and the system as a whole advised me that Avast was not running, when running Combofix, it advised me that it was still running, but still enabled me to do a scan.

___________________________________________________________________________


ComboFix 11-10-19.03 - Admin 19/10/2011 14:13:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1691 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\AdVantage
c:\documents and settings\Admin\Application Data\advantage\AdVantage.exe
c:\documents and settings\All Users\invokesi.exe
c:\windows\$NtUninstallKB64500$
c:\windows\$NtUninstallKB64500$\122468852
c:\windows\$NtUninstallKB64500$\3871138487\@
c:\windows\$NtUninstallKB64500$\3871138487\L\ueubxsqe
c:\windows\$NtUninstallKB64500$\3871138487\loader.tlb
c:\windows\$NtUninstallKB64500$\3871138487\U\@00000001
c:\windows\$NtUninstallKB64500$\3871138487\U\@000000c0
c:\windows\$NtUninstallKB64500$\3871138487\U\@000000cb
c:\windows\$NtUninstallKB64500$\3871138487\U\@000000cf
c:\windows\$NtUninstallKB64500$\3871138487\U\@80000000
c:\windows\$NtUninstallKB64500$\3871138487\U\@800000c0
c:\windows\$NtUninstallKB64500$\3871138487\U\@800000cb
c:\windows\$NtUninstallKB64500$\3871138487\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\3085090022
c:\windows\system32\
c:\windows\system32\c_15933.nls
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_e6bce2b7
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 13:04 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2011-10-19 13:04 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-18 14:40 . 2011-10-18 14:41 -------- d-----w- c:\documents and settings\Admin\Application Data\QuickScan
2011-10-18 14:36 . 2011-10-18 14:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-18 14:35 . 2011-10-18 14:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-10-18 14:35 . 2011-10-18 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 14:35 . 2011-10-18 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 14:35 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 13:57 . 2011-10-18 14:19 22032 ----a-w- c:\windows\DCEBoot.exe
2011-10-18 13:57 . 2011-10-18 14:19 102400 ----a-w- c:\windows\RegBootClean.exe
2011-10-18 13:37 . 2011-10-18 13:37 -------- d-----w- c:\program files\STOPzilla!
2011-10-18 13:37 . 2011-10-18 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-10-18 13:37 . 2011-10-18 13:37 -------- d-----w- c:\program files\Common Files\iS3
2011-10-18 13:24 . 2011-10-18 14:06 -------- d-----w- c:\program files\PC Tools Security
2011-10-18 13:24 . 2011-10-18 14:06 -------- d-----w- c:\program files\Common Files\PC Tools
2011-10-18 13:24 . 2011-10-18 14:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-18 11:34 . 2011-10-18 11:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-10-18 09:40 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-10-18 09:40 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-10-18 09:40 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-10-18 09:40 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-10-18 09:40 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-10-18 09:40 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-10-18 09:40 . 2011-10-18 09:58 -------- d-----w- c:\windows\Logs
2011-10-18 09:23 . 2011-10-18 09:23 -------- d-----w- c:\program files\Volition Inc
2011-10-18 08:44 . 2011-10-18 08:44 -------- d-sh--w- c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7
2011-10-17 17:44 . 2011-10-17 17:44 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-10-17 17:44 . 2011-10-17 17:44 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-10-17 17:44 . 2011-10-17 17:44 456144 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-10-17 17:44 . 2011-10-17 17:44 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-10-17 17:44 . 2011-10-17 17:44 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-10-17 17:44 . 2011-10-17 17:44 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-10-17 17:44 . 2011-10-17 17:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-10-17 17:44 . 2011-10-17 17:44 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-10-17 17:44 . 2011-10-17 17:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-10-17 17:44 . 2011-10-17 17:44 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-10-17 17:44 . 2011-10-17 17:44 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-10-17 17:44 . 2011-10-17 17:44 103888 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-09-27 20:12 . 2011-09-27 20:12 -------- d-----w- c:\documents and settings\Admin\Application Data\uPlayer
2011-09-27 20:12 . 2011-09-27 20:12 -------- d-----w- c:\program files\uPlayer
2011-09-26 11:21 . 2011-09-26 11:21 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 11:21 . 2011-09-26 11:21 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-09-22 20:38 . 2011-09-22 22:06 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2011-09-22 20:37 . 2011-09-22 20:38 -------- d-----r- c:\program files\Skype
2011-09-22 20:37 . 2011-09-22 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 14:19 . 2011-06-08 15:29 46080 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-10-18 13:57 . 2011-06-08 13:59 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-16 11:10 . 2011-06-09 14:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2007-10-09 12:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 15:27 . 2011-09-07 15:27 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-09-06 20:45 . 2011-06-08 17:39 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-06-08 17:39 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-08 17:39 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-06-08 17:39 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-06-08 17:39 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-06-08 17:39 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-06-08 17:39 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-06-08 17:39 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-06-08 17:39 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-06-08 17:39 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-16 16:48 . 2011-08-16 16:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-7-8 142848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Admin\\Desktop\\Mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\SETUP.EXE"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Volition Inc\\Red Faction Guerrilla\\rfg.exe"=
"c:\\Program Files\\Volition Inc\\Red Faction Guerrilla\\rfg_launcher.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Documents and Settings\\Admin\\Desktop\\STOPzilla_Setup.exe"=
"c:\\Program Files\\STOPzilla!\\SZInit.Exe"=
"c:\\Program Files\\Warner Bros. Digital Copy Manager\\Warner Bros. Digital Copy Manager.exe"=
"c:\\Program Files\\STOPzilla!\\SZPixelDrop.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [26/09/2011 12:21 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [16/08/2011 17:48 59080]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [08/06/2011 18:39 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/06/2011 18:39 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/06/2011 18:39 20568]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [07/09/2011 16:28 1740696]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 20:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 20:39 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [18/03/2010 20:40 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 20:39 566360]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [07/09/2011 16:27 73216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [26/09/2011 12:21 61328]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08/06/2011 16:15 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 20:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 20:39 566360]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [07/09/2011 16:27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [07/09/2011 16:27 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [07/09/2011 16:27 235392]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6CD9530E-F597-4DD4-9B50-E7F7B95E7D81}: NameServer = 145.253.2.11,194.168.4.100
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdVantage - c:\documents and settings\Admin\Application Data\advantage\AdVantage.exe
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-10-19 14:25:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 13:25
.
Pre-Run: 31,714,529,280 bytes free
Post-Run: 32,088,461,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DE9FA075771A34F83F2140D4E7601F83


Here is the TDSSKiller Log

14:35:09.0703 3736 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
14:35:09.0718 3736 ============================================================
14:35:09.0718 3736 Current date / time: 2011/10/19 14:35:09.0718
14:35:09.0718 3736 SystemInfo:
14:35:09.0718 3736
14:35:09.0718 3736 OS Version: 5.1.2600 ServicePack: 3.0
14:35:09.0718 3736 Product type: Workstation
14:35:09.0718 3736 ComputerName: ORGANIZA-49CABA
14:35:09.0718 3736 UserName: Admin
14:35:09.0718 3736 Windows directory: C:\WINDOWS
14:35:09.0718 3736 System windows directory: C:\WINDOWS
14:35:09.0718 3736 Processor architecture: Intel x86
14:35:09.0718 3736 Number of processors: 2
14:35:09.0718 3736 Page size: 0x1000
14:35:09.0718 3736 Boot type: Normal boot
14:35:09.0718 3736 ============================================================
14:35:10.0734 3736 Initialize success
14:35:17.0312 3844 ============================================================
14:35:17.0312 3844 Scan started
14:35:17.0312 3844 Mode: Manual;
14:35:17.0312 3844 ============================================================
14:35:17.0531 3844 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
14:35:17.0531 3844 Aavmker4 - ok
14:35:17.0546 3844 Abiosdsk - ok
14:35:17.0546 3844 abp480n5 - ok
14:35:17.0593 3844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:35:17.0593 3844 ACPI - ok
14:35:17.0625 3844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:35:17.0625 3844 ACPIEC - ok
14:35:17.0640 3844 adpu160m - ok
14:35:17.0656 3844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:35:17.0656 3844 aec - ok
14:35:17.0718 3844 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:35:17.0734 3844 AFD - ok
14:35:17.0734 3844 Aha154x - ok
14:35:17.0734 3844 aic78u2 - ok
14:35:17.0750 3844 aic78xx - ok
14:35:17.0765 3844 AliIde - ok
14:35:17.0765 3844 amsint - ok
14:35:17.0796 3844 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:35:17.0796 3844 Arp1394 - ok
14:35:17.0796 3844 asc - ok
14:35:17.0812 3844 asc3350p - ok
14:35:17.0812 3844 asc3550 - ok
14:35:17.0859 3844 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:35:17.0859 3844 aswFsBlk - ok
14:35:17.0859 3844 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
14:35:17.0859 3844 aswMon2 - ok
14:35:17.0890 3844 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
14:35:17.0890 3844 aswRdr - ok
14:35:17.0921 3844 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
14:35:17.0921 3844 aswSnx - ok
14:35:17.0953 3844 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
14:35:17.0953 3844 aswSP - ok
14:35:18.0015 3844 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
14:35:18.0015 3844 aswTdi - ok
14:35:18.0046 3844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:35:18.0046 3844 AsyncMac - ok
14:35:18.0062 3844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:35:18.0078 3844 atapi - ok
14:35:18.0078 3844 Atdisk - ok
14:35:18.0265 3844 ati2mtag (8e280e25a7a3ca8f5f35946cdf41d434) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:35:18.0296 3844 ati2mtag - ok
14:35:18.0375 3844 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
14:35:18.0375 3844 AtiHdmiService - ok
14:35:18.0406 3844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:35:18.0406 3844 Atmarpc - ok
14:35:18.0437 3844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:35:18.0437 3844 audstub - ok
14:35:18.0484 3844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:35:18.0484 3844 Beep - ok
14:35:18.0500 3844 catchme - ok
14:35:18.0625 3844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:35:18.0640 3844 cbidf2k - ok
14:35:18.0656 3844 cd20xrnt - ok
14:35:18.0671 3844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:35:18.0671 3844 Cdaudio - ok
14:35:18.0703 3844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:35:18.0703 3844 Cdfs - ok
14:35:18.0718 3844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:35:18.0718 3844 Cdrom - ok
14:35:18.0734 3844 Changer - ok
14:35:18.0750 3844 CmdIde - ok
14:35:18.0781 3844 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
14:35:18.0781 3844 COMMONFX - ok
14:35:18.0812 3844 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
14:35:18.0812 3844 COMMONFX.SYS - ok
14:35:18.0828 3844 Cpqarray - ok
14:35:18.0875 3844 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
14:35:18.0875 3844 ctac32k - ok
14:35:18.0921 3844 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
14:35:18.0921 3844 ctaud2k - ok
14:35:18.0968 3844 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
14:35:18.0968 3844 CTAUDFX - ok
14:35:19.0000 3844 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
14:35:19.0000 3844 CTAUDFX.SYS - ok
14:35:19.0046 3844 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
14:35:19.0062 3844 ctdvda2k - ok
14:35:19.0093 3844 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
14:35:19.0109 3844 CTERFXFX - ok
14:35:19.0109 3844 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
14:35:19.0109 3844 CTERFXFX.SYS - ok
14:35:19.0140 3844 ctgame (b4f6b60feed3eb5f85be85e8fa4c0cc1) C:\WINDOWS\system32\DRIVERS\ctgame.sys
14:35:19.0140 3844 ctgame - ok
14:35:19.0140 3844 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
14:35:19.0140 3844 ctprxy2k - ok
14:35:19.0171 3844 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
14:35:19.0171 3844 CTSBLFX - ok
14:35:19.0203 3844 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
14:35:19.0203 3844 CTSBLFX.SYS - ok
14:35:19.0218 3844 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
14:35:19.0234 3844 ctsfm2k - ok
14:35:19.0265 3844 dac2w2k - ok
14:35:19.0265 3844 dac960nt - ok
14:35:19.0296 3844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:35:19.0312 3844 Disk - ok
14:35:19.0343 3844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:35:19.0359 3844 dmboot - ok
14:35:19.0359 3844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:35:19.0359 3844 dmio - ok
14:35:19.0390 3844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:35:19.0390 3844 dmload - ok
14:35:19.0406 3844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:35:19.0406 3844 DMusic - ok
14:35:19.0453 3844 dpti2o - ok
14:35:19.0500 3844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:35:19.0500 3844 drmkaud - ok
14:35:19.0546 3844 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
14:35:19.0546 3844 emupia - ok
14:35:19.0593 3844 ewusbnet (fb54f67974d13d73be3e2f1df042d295) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
14:35:19.0609 3844 ewusbnet - ok
14:35:19.0640 3844 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
14:35:19.0640 3844 ew_hwusbdev - ok
14:35:19.0671 3844 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
14:35:19.0671 3844 ew_usbenumfilter - ok
14:35:19.0703 3844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:35:19.0703 3844 Fastfat - ok
14:35:19.0734 3844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:35:19.0734 3844 Fdc - ok
14:35:19.0750 3844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:35:19.0750 3844 Fips - ok
14:35:19.0765 3844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:35:19.0765 3844 Flpydisk - ok
14:35:19.0796 3844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:35:19.0796 3844 FltMgr - ok
14:35:19.0859 3844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:35:19.0859 3844 Fs_Rec - ok
14:35:19.0875 3844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:35:19.0875 3844 Ftdisk - ok
14:35:19.0875 3844 FXDrv32 - ok
14:35:19.0921 3844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:35:19.0921 3844 Gpc - ok
14:35:19.0984 3844 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
14:35:19.0984 3844 ha10kx2k - ok
14:35:20.0000 3844 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
14:35:20.0000 3844 hap16v2k - ok
14:35:20.0062 3844 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
14:35:20.0062 3844 hap17v2k - ok
14:35:20.0109 3844 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:35:20.0109 3844 HDAudBus - ok
14:35:20.0125 3844 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:35:20.0125 3844 hidusb - ok
14:35:20.0125 3844 hpn - ok
14:35:20.0171 3844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:35:20.0187 3844 HTTP - ok
14:35:20.0218 3844 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
14:35:20.0218 3844 huawei_enumerator - ok
14:35:20.0281 3844 hwdatacard (f547f862b8907f1bcbd9b72a72a6449e) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:35:20.0296 3844 hwdatacard - ok
14:35:20.0296 3844 i2omgmt - ok
14:35:20.0296 3844 i2omp - ok
14:35:20.0343 3844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:35:20.0343 3844 i8042prt - ok
14:35:20.0359 3844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:35:20.0359 3844 Imapi - ok
14:35:20.0375 3844 ini910u - ok
14:35:20.0375 3844 IntelIde - ok
14:35:20.0406 3844 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:35:20.0406 3844 intelppm - ok
14:35:20.0437 3844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:35:20.0437 3844 Ip6Fw - ok
14:35:20.0453 3844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:35:20.0453 3844 IpFilterDriver - ok
14:35:20.0515 3844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:35:20.0515 3844 IpInIp - ok
14:35:20.0562 3844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:35:20.0562 3844 IpNat - ok
14:35:20.0609 3844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:35:20.0609 3844 IPSec - ok
14:35:20.0640 3844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:35:20.0640 3844 IRENUM - ok
14:35:20.0718 3844 is3srv (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\drivers\is3srv.sys
14:35:20.0718 3844 is3srv - ok
14:35:20.0750 3844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:35:20.0750 3844 isapnp - ok
14:35:20.0765 3844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:35:20.0781 3844 Kbdclass - ok
14:35:20.0812 3844 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:35:20.0812 3844 kbdhid - ok
14:35:20.0843 3844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:35:20.0843 3844 kmixer - ok
14:35:20.0890 3844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:35:20.0890 3844 KSecDD - ok
14:35:20.0906 3844 lbrtfdc - ok
14:35:20.0937 3844 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
14:35:20.0937 3844 mdvrmng - ok
14:35:20.0953 3844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:35:20.0953 3844 mnmdd - ok
14:35:20.0984 3844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:35:20.0984 3844 Modem - ok
14:35:21.0000 3844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:35:21.0000 3844 Mouclass - ok
14:35:21.0015 3844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:35:21.0015 3844 mouhid - ok
14:35:21.0062 3844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:35:21.0078 3844 MountMgr - ok
14:35:21.0078 3844 mraid35x - ok
14:35:21.0093 3844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:35:21.0093 3844 MRxDAV - ok
14:35:21.0140 3844 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:35:21.0140 3844 MRxSmb - ok
14:35:21.0156 3844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:35:21.0156 3844 Msfs - ok
14:35:21.0171 3844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:35:21.0171 3844 MSKSSRV - ok
14:35:21.0203 3844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:35:21.0203 3844 MSPCLOCK - ok
14:35:21.0203 3844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:35:21.0203 3844 MSPQM - ok
14:35:21.0218 3844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:35:21.0234 3844 mssmbios - ok
14:35:21.0250 3844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:35:21.0250 3844 Mup - ok
14:35:21.0312 3844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:35:21.0312 3844 NDIS - ok
14:35:21.0328 3844 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:35:21.0328 3844 NdisTapi - ok
14:35:21.0359 3844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:35:21.0359 3844 Ndisuio - ok
14:35:21.0375 3844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:35:21.0375 3844 NdisWan - ok
14:35:21.0390 3844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:35:21.0390 3844 NDProxy - ok
14:35:21.0437 3844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:35:21.0437 3844 NetBIOS - ok
14:35:21.0453 3844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:35:21.0453 3844 NetBT - ok
14:35:21.0515 3844 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:35:21.0531 3844 NIC1394 - ok
14:35:21.0531 3844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:35:21.0531 3844 Npfs - ok
14:35:21.0562 3844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:35:21.0578 3844 Ntfs - ok
14:35:21.0625 3844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:35:21.0625 3844 Null - ok
14:35:21.0656 3844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:35:21.0656 3844 NwlnkFlt - ok
14:35:21.0656 3844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:35:21.0656 3844 NwlnkFwd - ok
14:35:21.0671 3844 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:35:21.0687 3844 ohci1394 - ok
14:35:21.0765 3844 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
14:35:21.0765 3844 ossrv - ok
14:35:21.0781 3844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:35:21.0781 3844 Parport - ok
14:35:21.0796 3844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:35:21.0796 3844 PartMgr - ok
14:35:21.0843 3844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:35:21.0843 3844 ParVdm - ok
14:35:21.0843 3844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:35:21.0859 3844 PCI - ok
14:35:21.0859 3844 PCIDump - ok
14:35:21.0890 3844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:35:21.0890 3844 PCIIde - ok
14:35:21.0906 3844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:35:21.0906 3844 Pcmcia - ok
14:35:21.0953 3844 PDCOMP - ok
14:35:21.0968 3844 PDFRAME - ok
14:35:21.0968 3844 PDRELI - ok
14:35:21.0984 3844 PDRFRAME - ok
14:35:21.0984 3844 perc2 - ok
14:35:21.0984 3844 perc2hib - ok
14:35:22.0015 3844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:35:22.0031 3844 PptpMiniport - ok
14:35:22.0031 3844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:35:22.0031 3844 PSched - ok
14:35:22.0046 3844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:35:22.0046 3844 Ptilink - ok
14:35:22.0078 3844 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:35:22.0078 3844 PxHelp20 - ok
14:35:22.0093 3844 ql1080 - ok
14:35:22.0093 3844 Ql10wnt - ok
14:35:22.0093 3844 ql12160 - ok
14:35:22.0109 3844 ql1240 - ok
14:35:22.0109 3844 ql1280 - ok
14:35:22.0125 3844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:35:22.0125 3844 RasAcd - ok
14:35:22.0140 3844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:35:22.0140 3844 Rasl2tp - ok
14:35:22.0156 3844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:35:22.0156 3844 RasPppoe - ok
14:35:22.0171 3844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:35:22.0171 3844 Raspti - ok
14:35:22.0203 3844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:35:22.0203 3844 Rdbss - ok
14:35:22.0203 3844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:35:22.0203 3844 RDPCDD - ok
14:35:22.0234 3844 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:35:22.0234 3844 rdpdr - ok
14:35:22.0312 3844 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:35:22.0312 3844 RDPWD - ok
14:35:22.0328 3844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:35:22.0343 3844 redbook - ok
14:35:22.0375 3844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:35:22.0375 3844 Secdrv - ok
14:35:22.0390 3844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:35:22.0390 3844 serenum - ok
14:35:22.0437 3844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:35:22.0437 3844 Serial - ok
14:35:22.0500 3844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:35:22.0500 3844 Sfloppy - ok
14:35:22.0515 3844 Simbad - ok
14:35:22.0515 3844 Sparrow - ok
14:35:22.0546 3844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:35:22.0546 3844 splitter - ok
14:35:22.0562 3844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:35:22.0562 3844 sr - ok
14:35:22.0593 3844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:35:22.0609 3844 Srv - ok
14:35:22.0625 3844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:35:22.0625 3844 swenum - ok
14:35:22.0671 3844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:35:22.0671 3844 swmidi - ok
14:35:22.0718 3844 symc810 - ok
14:35:22.0718 3844 symc8xx - ok
14:35:22.0734 3844 sym_hi - ok
14:35:22.0734 3844 sym_u3 - ok
14:35:22.0765 3844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:35:22.0765 3844 sysaudio - ok
14:35:22.0812 3844 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\DRIVERS\szkg.sys
14:35:22.0812 3844 szkg5 - ok
14:35:22.0843 3844 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\WINDOWS\system32\drivers\szkgfs.sys
14:35:22.0843 3844 szkgfs - ok
14:35:22.0890 3844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:35:22.0890 3844 Tcpip - ok
14:35:22.0953 3844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:35:22.0953 3844 TDPIPE - ok
14:35:22.0984 3844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:35:22.0984 3844 TDTCP - ok
14:35:23.0000 3844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:35:23.0000 3844 TermDD - ok
14:35:23.0015 3844 TosIde - ok
14:35:23.0031 3844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:35:23.0046 3844 Udfs - ok
14:35:23.0046 3844 ultra - ok
14:35:23.0093 3844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:35:23.0093 3844 Update - ok
14:35:23.0140 3844 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:35:23.0140 3844 usbaudio - ok
14:35:23.0156 3844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:35:23.0156 3844 usbccgp - ok
14:35:23.0234 3844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:35:23.0234 3844 usbehci - ok
14:35:23.0234 3844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:35:23.0250 3844 usbhub - ok
14:35:23.0281 3844 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:35:23.0281 3844 usbprint - ok
14:35:23.0296 3844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:35:23.0296 3844 USBSTOR - ok
14:35:23.0312 3844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:35:23.0312 3844 usbuhci - ok
14:35:23.0328 3844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:35:23.0328 3844 VgaSave - ok
14:35:23.0375 3844 ViaIde - ok
14:35:23.0406 3844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:35:23.0421 3844 VolSnap - ok
14:35:23.0437 3844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:35:23.0437 3844 Wanarp - ok
14:35:23.0468 3844 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:35:23.0484 3844 Wdf01000 - ok
14:35:23.0484 3844 WDICA - ok
14:35:23.0515 3844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:35:23.0531 3844 wdmaud - ok
14:35:23.0593 3844 yukonwxp (a5d4eae27e68625296d685a786897491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:35:23.0593 3844 yukonwxp - ok
14:35:23.0609 3844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:35:23.0718 3844 \Device\Harddisk0\DR0 - ok
14:35:23.0718 3844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:35:23.0718 3844 \Device\Harddisk1\DR1 - ok
14:35:23.0734 3844 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR6
14:35:23.0890 3844 \Device\Harddisk2\DR6 - ok
14:35:23.0890 3844 Boot (0x1200) (6b1a964adb15c903f6ab5fe1571a5caf) \Device\Harddisk0\DR0\Partition0
14:35:23.0890 3844 \Device\Harddisk0\DR0\Partition0 - ok
14:35:23.0890 3844 Boot (0x1200) (e24181b7dddc3725491ae2ad17e6fd7e) \Device\Harddisk1\DR1\Partition0
14:35:23.0890 3844 \Device\Harddisk1\DR1\Partition0 - ok
14:35:23.0890 3844 Boot (0x1200) (a21a27478a924f4c0fd8ab8099556a4d) \Device\Harddisk2\DR6\Partition0
14:35:23.0890 3844 \Device\Harddisk2\DR6\Partition0 - ok
14:35:23.0890 3844 ============================================================
14:35:23.0890 3844 Scan finished
14:35:23.0890 3844 ============================================================
14:35:23.0906 3800 Detected object count: 0
14:35:23.0906 3800 Actual detected object count: 0
14:37:08.0890 2936 Deinitialize success

And finally here is the aswMBR file. On completion of the process, the "Fix" button was not enabled.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-19 14:40:02
-----------------------------
14:40:02.656 OS Version: Windows 5.1.2600 Service Pack 3
14:40:02.656 Number of processors: 2 586 0xF06
14:40:02.656 ComputerName: ORGANIZA-49CABA UserName: Admin
14:40:02.890 Initialize success
14:40:03.468 AVAST engine defs: 11101701
14:40:21.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
14:40:21.984 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OA70A Size: 78533MB BusType: 3
14:40:21.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
14:40:21.984 Disk 1 Vendor: WDC_WD1600JS-70SGB1 20.06C06 Size: 152627MB BusType: 3
14:40:24.000 Disk 0 MBR read successfully
14:40:24.000 Disk 0 MBR scan
14:40:24.390 Disk 0 Windows XP default MBR code
14:40:24.406 Disk 0 scanning sectors +160810650
14:40:24.968 Disk 0 scanning C:\WINDOWS\system32\drivers
14:40:38.203 Service scanning
14:40:39.046 Modules scanning
14:40:43.796 Disk 0 trace - called modules:
14:40:43.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:40:44.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a61aab8]
14:40:44.328 3 CLASSPNP.SYS[f7517fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a6559a0]
14:40:44.328 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x8a658940]
14:40:44.578 AVAST engine scan C:\WINDOWS
14:40:47.828 AVAST engine scan C:\WINDOWS\system32
14:41:51.093 AVAST engine scan C:\WINDOWS\system32\drivers
14:42:00.390 AVAST engine scan C:\Documents and Settings\Admin
14:42:18.078 File: C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7\U\80000000.@ **INFECTED** Win32:Malware-gen
14:42:18.093 File: C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
14:42:23.390 AVAST engine scan C:\Documents and Settings\All Users
14:42:33.500 Scan finished successfully
14:44:51.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
14:44:51.781 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Before posting this I attempted to open Explorer again, but I got the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Thanks.

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Assume you mean Internet Explorer and not Windows Explorer.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

FCopy::
c:\windows\system32\dllcache\iexplore.exe | C:\Program Files\Internet Explorer\iexplore.exe

Driver::
FXDrv32

Folder::
C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Run OTL

Select the All option in both the STANDARD and EXTRA Registry groups, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
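Added example, not from the post and not part of aswMBR or ComboFix: a small Python triage helper that pulls the **INFECTED** lines out of an aswMBR log like the one above, derives the dropper folder the detections share, and drafts the CFScript sections in the layout RKinner used. The sample log lines are constructed from the aswMBR output quoted above, the driver name is taken from the script above, and the output is a draft for a helper to review before anyone feeds it to ComboFix.

```python
"""Triage an aswMBR log and draft the matching ComboFix CFScript sections.

Added example, not part of the original post or of aswMBR/ComboFix.
The log lines below are constructed from the aswMBR output quoted above;
the directive names (Killall::, FCopy::, Driver::, Folder::) are the ones
used in RKinner's script.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: the two INFECTED lines from the post plus two clean lines.
SAMPLE_LOG = """\
14:42:00.390 AVAST engine scan C:\\Documents and Settings\\Admin
14:42:18.078 File: C:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\e6bce2b7\\U\\80000000.@ **INFECTED** Win32:Malware-gen
14:42:18.093 File: C:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\e6bce2b7\\U\\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
14:42:33.500 Scan finished successfully
"""

# aswMBR reports a hit as: <timestamp> File: <path> **INFECTED** <detection name>
INFECTED_RE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")


def parse_infected(log_text):
    """Return a list of (path, detection name) for each **INFECTED** line."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("name").strip()))
    return hits


def malware_root(paths, anchor="Application Data"):
    """Return the single directory directly under `anchor` that holds every hit.

    Sirefef (ZeroAccess) drops its payload into a random-named folder under
    Local Settings\\Application Data; the cleanup script removes that whole
    folder (Folder::), not just the two files the scanner flagged.  Returns
    None if the hits do not share one such folder, so nothing is guessed.
    """
    roots = set()
    for p in paths:
        parts = PureWindowsPath(p).parts
        if anchor not in parts:
            return None
        idx = parts.index(anchor)
        roots.add(str(PureWindowsPath(*parts[: idx + 2])))
    return roots.pop() if len(roots) == 1 else None


def build_cfscript(folder, drivers=(), copies=()):
    """Render CFScript sections in the layout used in the post above."""
    lines = ["Killall::", ""]
    if copies:  # (source, destination) pairs, e.g. restoring iexplore.exe from dllcache
        lines += ["FCopy::"] + [f"{src} | {dst}" for src, dst in copies] + [""]
    if drivers:  # service names of drivers to delete, e.g. FXDrv32 in the post
        lines += ["Driver::"] + list(drivers) + [""]
    if folder:
        lines += ["Folder::", folder, ""]
    return "\n".join(lines)


def triage(log_text, drivers=(), copies=()):
    """Parse the log, locate the dropper folder, and return (hits, folder, draft script)."""
    hits = parse_infected(log_text)
    folder = malware_root([path for path, _ in hits])
    return hits, folder, build_cfscript(folder, drivers, copies)


if __name__ == "__main__":
    found, root, script = triage(SAMPLE_LOG, drivers=("FXDrv32",))
    for path, name in found:
        print(f"{name:30} {path}")
    print("\nDraft CFScript:\n" + script)
```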

#5
amberleaf

    Member

  • Topic Starter
  • Member
  • 14 posts
Yep, I meant Internet Explorer (which is now running :) )

New Combofix Log

ComboFix 11-10-19.03 - Admin 19/10/2011 18:06:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1575 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7\@
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7\U\80000000.$
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7\U\80000000.@
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7\U\800000cb.$
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7\U\800000cb.@
c:\documents and settings\Admin\Local Settings\Application Data\e6bce2b7\X
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\iexplore.exe --> c:\program files\Internet Explorer\iexplore.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FXDRV32
-------\Service_FXDrv32
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 13:04 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2011-10-19 13:04 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-18 14:40 . 2011-10-18 14:41 -------- d-----w- c:\documents and settings\Admin\Application Data\QuickScan
2011-10-18 14:36 . 2011-10-18 14:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-18 14:35 . 2011-10-18 14:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-10-18 14:35 . 2011-10-18 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 14:35 . 2011-10-18 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 14:35 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 13:57 . 2011-10-18 14:19 22032 ----a-w- c:\windows\DCEBoot.exe
2011-10-18 13:57 . 2011-10-18 14:19 102400 ----a-w- c:\windows\RegBootClean.exe
2011-10-18 13:37 . 2011-10-18 13:37 -------- d-----w- c:\program files\STOPzilla!
2011-10-18 13:37 . 2011-10-18 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-10-18 13:37 . 2011-10-18 13:37 -------- d-----w- c:\program files\Common Files\iS3
2011-10-18 13:24 . 2011-10-18 14:06 -------- d-----w- c:\program files\PC Tools Security
2011-10-18 13:24 . 2011-10-18 14:06 -------- d-----w- c:\program files\Common Files\PC Tools
2011-10-18 13:24 . 2011-10-18 14:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-18 11:34 . 2011-10-18 11:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-10-18 09:40 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-10-18 09:40 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-10-18 09:40 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-10-18 09:40 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-10-18 09:40 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-10-18 09:40 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-10-18 09:40 . 2011-10-18 09:58 -------- d-----w- c:\windows\Logs
2011-10-18 09:23 . 2011-10-18 09:23 -------- d-----w- c:\program files\Volition Inc
2011-10-17 17:44 . 2011-10-17 17:44 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-10-17 17:44 . 2011-10-17 17:44 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-10-17 17:44 . 2011-10-17 17:44 456144 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-10-17 17:44 . 2011-10-17 17:44 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-10-17 17:44 . 2011-10-17 17:44 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-10-17 17:44 . 2011-10-17 17:44 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-10-17 17:44 . 2011-10-17 17:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-10-17 17:44 . 2011-10-17 17:44 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-10-17 17:44 . 2011-10-17 17:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-10-17 17:44 . 2011-10-17 17:44 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-10-17 17:44 . 2011-10-17 17:44 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-10-17 17:44 . 2011-10-17 17:44 103888 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-09-27 20:12 . 2011-09-27 20:12 -------- d-----w- c:\documents and settings\Admin\Application Data\uPlayer
2011-09-27 20:12 . 2011-09-27 20:12 -------- d-----w- c:\program files\uPlayer
2011-09-26 11:21 . 2011-09-26 11:21 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 11:21 . 2011-09-26 11:21 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-09-22 20:38 . 2011-09-22 22:06 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2011-09-22 20:37 . 2011-09-22 20:38 -------- d-----r- c:\program files\Skype
2011-09-22 20:37 . 2011-09-22 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 14:19 . 2011-06-08 15:29 46080 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-10-18 13:57 . 2011-06-08 13:59 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-16 11:10 . 2011-06-09 14:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2007-10-09 12:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 15:27 . 2011-09-07 15:27 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-09-06 20:45 . 2011-06-08 17:39 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-06-08 17:39 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-08 17:39 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-06-08 17:39 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-06-08 17:39 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-06-08 17:39 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-06-08 17:39 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-06-08 17:39 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-06-08 17:39 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-06-08 17:39 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-16 16:48 . 2011-08-16 16:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-7-8 142848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Admin\\Desktop\\Mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\SETUP.EXE"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Volition Inc\\Red Faction Guerrilla\\rfg.exe"=
"c:\\Program Files\\Volition Inc\\Red Faction Guerrilla\\rfg_launcher.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Documents and Settings\\Admin\\Desktop\\STOPzilla_Setup.exe"=
"c:\\Program Files\\STOPzilla!\\SZInit.Exe"=
"c:\\Program Files\\Warner Bros. Digital Copy Manager\\Warner Bros. Digital Copy Manager.exe"=
"c:\\Program Files\\STOPzilla!\\SZPixelDrop.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [26/09/2011 12:21 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [16/08/2011 17:48 59080]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [08/06/2011 18:39 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/06/2011 18:39 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/06/2011 18:39 20568]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [07/09/2011 16:28 1740696]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 20:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 20:39 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [18/03/2010 20:40 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 20:39 566360]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [07/09/2011 16:27 73216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [26/09/2011 12:21 61328]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08/06/2011 16:15 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 20:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 20:39 566360]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [07/09/2011 16:27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [07/09/2011 16:27 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [07/09/2011 16:27 235392]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: Interfaces\{6CD9530E-F597-4DD4-9B50-E7F7B95E7D81}: NameServer = 145.253.2.11,194.168.4.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-10-19 18:17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 17:17
.
Pre-Run: 32,141,950,976 bytes free
Post-Run: 32,125,460,480 bytes free
.
- - End Of File - - 059EF182765F65C62092A9DBC698CD6C


_________________________________________________________________________________

New OTL Log

OTL logfile created on: 19/10/2011 18:27:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.26% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 29.94 Gb Free Space | 39.05% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.78 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 953.73 Mb Total Space | 824.73 Mb Free Space | 86.47% Space Free | Partition Type: FAT

Computer Name: ORGANIZA-49CABA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/19 18:25:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/10/18 14:57:50 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/10/18 14:57:50 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/08 17:04:02 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 14:57:50 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2011/10/16 12:26:44 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/16 12:25:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/16 12:24:28 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/16 12:12:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/16 12:12:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/16 12:11:48 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/16 12:09:53 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/16 12:09:33 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/16 00:39:10 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/07/08 17:04:02 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
MOD - [2011/04/19 21:56:56 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (szserver)
SRV - [2011/10/18 14:57:50 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2011/10/18 14:57:50 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/08 16:15:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/16 17:48:30 | 000,059,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/04/20 03:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/10 03:11:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/19 18:15:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD9530E-F597-4DD4-9B50-E7F7B95E7D81}: NameServer = 145.253.2.11,194.168.4.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ADB3A2D-30BE-4420-B9AE-E0C3ABDF3DF9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/07 13:27:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/21 15:11:43 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 18:25:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/19 18:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/19 14:39:56 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2011/10/19 14:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\tdsskiller
[2011/10/19 14:04:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2011/10/19 14:02:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/19 13:59:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/19 13:59:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/19 13:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/19 13:59:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/19 13:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 13:57:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/19 13:56:20 | 004,266,113 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/10/19 13:55:38 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2011/10/18 15:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2011/10/18 15:36:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/18 15:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/10/18 15:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/18 15:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/18 15:35:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/18 15:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/18 14:46:03 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HousecallLauncher.exe
[2011/10/18 14:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/10/18 14:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/10/18 14:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/18 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/18 14:35:46 | 000,603,648 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Admin\Desktop\STOPzilla_Setup.exe
[2011/10/18 14:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/18 14:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/18 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/18 14:23:25 | 038,357,400 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Admin\Desktop\spdoc.exe
[2011/10/18 10:58:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/10/18 10:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\THQ
[2011/10/18 10:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011/10/18 10:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/10/18 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/10/18 10:41:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/10/18 10:41:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/10/18 10:41:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/10/18 10:41:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/10/18 10:41:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/10/18 10:41:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/10/18 10:41:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/10/18 10:41:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/10/18 10:41:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/10/18 10:41:00 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/10/18 10:41:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/10/18 10:41:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/10/18 10:41:00 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/10/18 10:40:59 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/10/18 10:40:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/10/18 10:40:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/10/18 10:40:58 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/10/18 10:40:58 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/10/18 10:40:58 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/10/18 10:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/10/18 10:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Volition Inc
[2011/10/18 10:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Volition Inc
[2011/10/18 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/18 09:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/17 18:44:40 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/10/17 18:44:40 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/10/17 18:44:40 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/10/17 18:44:40 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/10/17 18:44:40 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/10/17 18:44:40 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/10/17 18:44:38 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/10/17 18:44:38 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/10/17 18:44:38 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/10/17 18:44:38 | 000,103,888 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/10/17 18:44:38 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/10/17 18:44:38 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/09/27 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\uPlayer
[2011/09/27 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\uPlayer
[2011/09/27 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2011/09/27 21:04:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2011/09/26 12:21:00 | 000,061,328 | R--- | C] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\SZKG.sys
[2011/09/26 12:21:00 | 000,061,328 | R--- | C] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\is3srv.sys
[2011/09/22 21:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Skype
[2011/09/22 21:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/09/22 21:37:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/09/22 21:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/09/22 21:34:42 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/19 18:25:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/19 18:15:19 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10071102}.CDF
[2011/10/19 18:15:19 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10071102}.BAK
[2011/10/19 18:15:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/19 18:14:59 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/19 18:14:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/19 18:14:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/19 18:14:11 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/19 18:14:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/19 18:14:11 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/19 18:14:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/19 14:44:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2011/10/19 14:39:58 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2011/10/19 14:33:56 | 001,540,631 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/10/19 14:02:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/19 13:55:42 | 004,266,113 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/10/19 13:55:38 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2011/10/18 18:44:54 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Internet Explorer Troubleshooting.url
[2011/10/18 18:35:24 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/18 15:59:31 | 000,246,439 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\census.cache
[2011/10/18 15:59:30 | 000,183,580 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\ars.cache
[2011/10/18 15:51:55 | 000,000,610 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/10/18 15:36:19 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/18 15:35:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 15:19:09 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/10/18 15:19:09 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/10/18 14:46:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2011/10/18 14:46:17 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HousecallLauncher.exe
[2011/10/18 14:35:51 | 000,603,648 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Admin\Desktop\STOPzilla_Setup.exe
[2011/10/18 14:25:06 | 000,643,236 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/18 14:23:31 | 038,357,400 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Admin\Desktop\spdoc.exe
[2011/10/18 10:03:34 | 001,264,572 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Red_Faction_Guerrilla_keygen.exe
[2011/10/17 18:44:40 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/10/17 18:44:40 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/10/17 18:44:40 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/10/17 18:44:40 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/10/17 18:44:40 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/10/17 18:44:40 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/10/17 18:44:38 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/10/17 18:44:38 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/10/17 18:44:38 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/10/17 18:44:38 | 000,103,888 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/10/17 18:44:38 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/10/17 18:44:38 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/10/16 19:23:36 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\World of Warcraft.lnk
[2011/10/16 12:10:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/16 00:39:37 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 00:39:37 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 00:36:10 | 048,324,552 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/03 09:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/27 21:12:07 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\uPlayer.lnk
[2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\SZKG.sys
[2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\is3srv.sys
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/22 21:37:36 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/22 21:35:25 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/19 14:44:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2011/10/19 14:34:26 | 001,540,631 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/10/19 14:02:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/19 14:02:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/19 13:59:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/19 13:59:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/19 13:59:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/19 13:59:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/19 13:59:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/18 18:44:54 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Internet Explorer Troubleshooting.url
[2011/10/18 15:35:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 15:05:19 | 004,931,577 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10071102}.BAK
[2011/10/18 15:00:20 | 000,000,610 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/10/18 14:57:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/10/18 14:57:50 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/10/18 14:53:03 | 000,246,439 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\census.cache
[2011/10/18 14:52:58 | 000,183,580 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\ars.cache
[2011/10/18 14:46:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2011/10/18 14:24:55 | 000,643,236 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/18 10:03:26 | 001,264,572 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Red_Faction_Guerrilla_keygen.exe
[2011/09/27 21:12:07 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\uPlayer.lnk
[2011/09/22 21:37:36 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/15 16:52:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2011/09/07 16:27:42 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2011/09/07 16:27:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/09/03 11:37:17 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 17:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2011/08/06 20:48:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/08 17:24:46 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2011/06/08 14:59:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/06/08 14:59:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/06/08 14:59:46 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/08 14:59:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/07 13:33:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/07 13:32:42 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/07 12:55:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 12:49:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/02 23:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/05/02 23:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/05/02 21:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/05/02 21:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/05/02 21:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/18 22:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/03/18 22:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/03/18 22:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/03/18 22:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/03/18 22:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/03/18 22:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/03/18 22:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/03/03 12:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 12:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 12:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 12:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 12:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 12:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 12:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 12:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 12:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 12:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 12:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 12:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 12:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/22 20:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/22 20:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/18 20:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/08/11 22:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 22:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/05/20 13:04:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\spdifer_config.exe
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/27 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 13:00:00 | 000,433,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 13:00:00 | 000,067,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 05:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


________________________________________________

Extras Log

OTL Extras logfile created on: 19/10/2011 18:27:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.26% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 29.94 Gb Free Space | 39.05% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.78 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 953.73 Mb Total Space | 824.73 Mb Free Space | 86.47% Space Free | Partition Type: FAT

Computer Name: ORGANIZA-49CABA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\Admin\Desktop\Mirc.exe" = C:\Documents and Settings\Admin\Desktop\Mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\SETUP.EXE" = E:\SETUP.EXE:*:Enabled:Setup Launcher -- (Volition Inc. )
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation)
"C:\Program Files\Volition Inc\Red Faction Guerrilla\rfg.exe" = C:\Program Files\Volition Inc\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
"C:\Program Files\Volition Inc\Red Faction Guerrilla\rfg_launcher.exe" = C:\Program Files\Volition Inc\Red Faction Guerrilla\rfg_launcher.exe:*:Enabled:RFG Launcher -- (THQ Inc.)
"C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Disabled:CCleaner -- (Piriform Ltd)
"C:\Documents and Settings\Admin\Desktop\STOPzilla_Setup.exe" = C:\Documents and Settings\Admin\Desktop\STOPzilla_Setup.exe:*:Enabled:STOPzilla_Setup -- (iS3, Inc.)
"C:\Program Files\STOPzilla!\SZInit.Exe" = C:\Program Files\STOPzilla!\SZInit.Exe:*:Enabled:STOPzilla Application -- (iS3, Inc.)
"C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe" = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe:*:Enabled:Warner Bros. Digital Copy Manager -- ()
"C:\Program Files\STOPzilla!\SZPixelDrop.exe" = C:\Program Files\STOPzilla!\SZPixelDrop.exe:*:Disabled:STOPzilla Pixel Drop -- (iS3, Inc.)
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" = C:\Program Files\AVAST Software\Avast\AvastUI.exe:*:Enabled:avast! Antivirus -- (AVAST Software)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BA1EA42A-B02E-4210-882C-717416D96E65}" = STOPzilla
"{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"dcmsvc_is1" = dcmsvc 1.0
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Huawei Modems" = Huawei modem
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.0.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PCFriendly" = PCFriendly
"SFBM" = SoundFont Bank Manager
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/07/2011 14:14:20 | Computer Name = ORGANIZA-49CABA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....D8050B566A.crt>
with error: The specified server cannot perform the requested operation.

Error - 14/07/2011 15:13:38 | Computer Name = ORGANIZA-49CABA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....D8050B566A.crt>
with error: This operation returned because the timeout period expired.

Error - 14/07/2011 15:13:38 | Computer Name = ORGANIZA-49CABA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....D8050B566A.crt>
with error: The specified server cannot perform the requested operation.

Error - 26/07/2011 07:08:56 | Computer Name = ORGANIZA-49CABA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/08/2011 05:33:40 | Computer Name = ORGANIZA-49CABA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 06:33:58 | Computer Name = ORGANIZA-49CABA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/09/2011 16:26:03 | Computer Name = ORGANIZA-49CABA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/09/2011 12:47:39 | Computer Name = ORGANIZA-49CABA | Source = Application Hang | ID = 1002
Description = Hanging application WelcomeApp.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18/10/2011 04:45:01 | Computer Name = ORGANIZA-49CABA | Source = Application Error | ID = 1000
Description = Faulting application 3085090022:423828808.exe, version 0.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x000002e8.

Error - 18/10/2011 10:03:53 | Computer Name = ORGANIZA-49CABA | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 15/10/2011 13:34:04 | Computer Name = ORGANIZA-49CABA | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.2
with the system having network hardware address 6C:F0:49:52:93:55. Network operations
on this system may be disrupted as a result.


< End of report >


Thanks
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Logs look good. Run aswMBR again and let's see if it is now happy.

Your stopzilla is not happy. If you need it then uninstall and reinstall otherwise just uninstall.


Also uninstall Adobe Reader 7. Your version is very obsolete and dangerous to have. Go to Adobe.com and get the latest version of Reader which is 10 I think.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


We had a couple of events at the end of the Extras log that were associated with ZA so I want to make sure they are not coming back.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#7
amberleaf

amberleaf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi, here are the logs - I have uninstalled Stopzilla & Adobe 7.0 -

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-19 14:40:02
-----------------------------
14:40:02.656 OS Version: Windows 5.1.2600 Service Pack 3
14:40:02.656 Number of processors: 2 586 0xF06
14:40:02.656 ComputerName: ORGANIZA-49CABA UserName: Admin
14:40:02.890 Initialize success
14:40:03.468 AVAST engine defs: 11101701
14:40:21.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
14:40:21.984 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OA70A Size: 78533MB BusType: 3
14:40:21.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
14:40:21.984 Disk 1 Vendor: WDC_WD1600JS-70SGB1 20.06C06 Size: 152627MB BusType: 3
14:40:24.000 Disk 0 MBR read successfully
14:40:24.000 Disk 0 MBR scan
14:40:24.390 Disk 0 Windows XP default MBR code
14:40:24.406 Disk 0 scanning sectors +160810650
14:40:24.968 Disk 0 scanning C:\WINDOWS\system32\drivers
14:40:38.203 Service scanning
14:40:39.046 Modules scanning
14:40:43.796 Disk 0 trace - called modules:
14:40:43.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:40:44.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a61aab8]
14:40:44.328 3 CLASSPNP.SYS[f7517fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a6559a0]
14:40:44.328 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x8a658940]
14:40:44.578 AVAST engine scan C:\WINDOWS
14:40:47.828 AVAST engine scan C:\WINDOWS\system32
14:41:51.093 AVAST engine scan C:\WINDOWS\system32\drivers
14:42:00.390 AVAST engine scan C:\Documents and Settings\Admin
14:42:18.078 File: C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7\U\80000000.@ **INFECTED** Win32:Malware-gen
14:42:18.093 File: C:\Documents and Settings\Admin\Local Settings\Application Data\e6bce2b7\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
14:42:23.390 AVAST engine scan C:\Documents and Settings\All Users
14:42:33.500 Scan finished successfully
14:44:51.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
14:44:51.781 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-19 21:16:17
-----------------------------
21:16:17.265 OS Version: Windows 5.1.2600 Service Pack 3
21:16:17.265 Number of processors: 2 586 0xF06
21:16:17.265 ComputerName: ORGANIZA-49CABA UserName: Admin
21:16:17.546 Initialize success
21:16:17.609 AVAST engine defs: 11101701
21:16:22.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
21:16:22.750 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OA70A Size: 78533MB BusType: 3
21:16:22.750 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
21:16:22.750 Disk 1 Vendor: WDC_WD1600JS-70SGB1 20.06C06 Size: 152627MB BusType: 3
21:16:24.750 Disk 0 MBR read successfully
21:16:24.750 Disk 0 MBR scan
21:16:24.750 Disk 0 Windows XP default MBR code
21:16:24.750 Disk 0 scanning sectors +160810650
21:16:24.812 Disk 0 scanning C:\WINDOWS\system32\drivers
21:16:33.968 Service scanning
21:16:34.828 Modules scanning
21:16:42.734 Scan finished successfully
21:17:27.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
21:17:27.218 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


The only recent file showing by using sigverif is as follows

ati2evxx.exe - c:\windows\system32 - 10/18/2011 - version 6.14.10.4254


Here is the Event Viewer Log as requested. The first time the log came up, I attempted to uninstall Avast as I thought it was stopping the event viewer from working. But I still get the same message.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/10/2011 21:40:47

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2011 21:23:25
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The avast! Antivirus service failed to start due to the following error: Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the log for the "Application"

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/10/2011 21:41:31

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Internet connection icon shows screens lit up all the time although nothing is running.

Thanks
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download and save the free Avast installer.

Uninstall Avast

Reboot.

Install Avast.

Once it is installed, click on the Avast ball near the clock and see if under Summary it says you are protected.

Ron
  • 0

#9
amberleaf

amberleaf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Avast reinstalled & shows under summary I am protected, thanks.

Something is still running in the background though as internet connection shows constant stream of data

Any ideas?

Thanks
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
It might just be Windows update but let's run some more tests.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0


#11
amberleaf

amberleaf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Ron

I think we're there

ESET Scanner showed no threats whatsoever.

Bitdefender log -


QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Thu Oct 20 17:16:19 2011
Machine ID: 349E0E82



No infection found.
-------------------



Processes
---------
ATI External Event Utility for Windows 984 C:\WINDOWS\system32\ati2evxx.exe
ATI External Event Utility for Windows 1536 C:\WINDOWS\system32\ati2evxx.exe
avast! Antivirus 1512 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 1956 C:\Program Files\AVAST Software\Avast\AvastUI.exe
BecHelperService.exe 1508 C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
Catalyst Control Center 2116 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Catalyst Control Centre 1916 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
Creative Audio Service 116 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
Creative Service for CDROM Access 516 C:\WINDOWS\system32\CTSVCCDA.EXE
CtHelper Application 1896 C:\WINDOWS\system32\CtHelper.exe
dcmsvc.exe 1940 C:\Program Files\dcmsvc\dcmsvc.exe
Microsoft® Windows® Operating System 284 C:\WINDOWS\system32\spoolsv.exe
Warner Bros. Digital Copy Manager.exe 1012 C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
(verified) Microsoft® Windows® Operating System 540 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2944 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 596 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 812 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 664 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 120 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1004 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1072 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1180 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1268 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3652 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1884 C:\WINDOWS\system32\wdfmgr.exe
(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2140 C:\WINDOWS\system32\wuauclt.exe
(verified) Windows® Internet Explorer 1284 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3168 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2384 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3924 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process svchost.exe (1180) connected on port 5000 (UPnP) --> 192.168.0.1
Process iexplore.exe (1284) connected on port 443 (HTTP over SSL) --> 209.85.147.95
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 50.19.208.8
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 66.220.158.53
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 84.53.178.88
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 66.235.142.58
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 209.85.147.113
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 66.235.142.58
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 84.53.178.89
Process AvastSvc.exe (1512) connected on port 80 (HTTP) --> 209.85.147.113

Process svchost.exe (1072) listens on ports: 135 (RPC)
Process svchost.exe (1368) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
ATI External Event Utility for Windows C:\WINDOWS\system32\Ati2evxx.dll
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
CtHelper Application C:\WINDOWS\system32\CtHelper.exe
dcmsvc.exe C:\Program Files\dcmsvc\dcmsvc.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Warner Bros. Digital Copy Manager.exe C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
CTPID ActiveX Control Module C:\WINDOWS\Downloaded Program Files\CTPIDPDE.ocx
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Skype Toolbars C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: 5a5aaaf6351b785e030f0bbb520b6d44 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
MD5: 2dd8df9113ceb51b2ce2472bec679c12 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
MD5: f65789cd58001ce169eb10195b20d621 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MD5: 7c41caa7a37854b4305922052058f221 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MD5: e4246238a94426c01306fca8cc1db117 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VPURecover.Graphics.Shared.dll
MD5: d11e8d2907bf30f7ee5231cbd98f9599 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MD5: 5d45652904eea1f0aeec5269ea008675 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.Runtime.dll
MD5: 23aceb200a3c87a34001d4f41738e2a4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.shared.dll
MD5: 64f58e05511e08081c26f51bcb125f67 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
MD5: 50e57044ced24d65c7652ae669d81e51 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
MD5: 25bb78c72be0fc4eb18f6974269fb0e2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
MD5: f60a9487687953136888dcd0ad1026fe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MD5: 796f04b5e8430fe110a02736a340e531 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
MD5: f7ece384ff6628b226c1364139657d7f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Wizard.dll
MD5: e021f3a12f73d2f64335ac9fa5a5cb20 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Wizard.Shared.dll
MD5: 443487588eee2dcb93ffe1b9ec5fc890 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
MD5: fe33b096a763bedcffeb3daa9276459d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
MD5: b0e02fdba433aee19e70424f94730d7b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
MD5: cc79b8bc56f2b6f62ffff7756c90f8cb C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Wizard.dll
MD5: df68b709d60d0efa818cf94252a43ea7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
MD5: af3d521f20c41bcfce533257f7fa40cc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
MD5: 44fbfa54fd9c540f402ce28f1799abf6 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
MD5: ed62a0190a338c47aa50371c3b97af3d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
MD5: 9dba79d33633680b4426871c116c811c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
MD5: 468fe561d7a3a6f1f14d5cf04aa55c95 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
MD5: 0aad33075d65a925455daf37fde59054 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
MD5: 2ebaee5c10b10259b2cbc8d76c538c3e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
MD5: ff006ffef664d29538dda9498dcc9d0b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
MD5: 50361ee495f055a786b1ee86bd3671f1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.SkinFactory.dll
MD5: c69ac25e8cf1d74224675cbf65aa0918 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Systemtray.dll
MD5: 3c5c58ef178d7f1cce8c1a86713d441d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.dll
MD5: 1abe5da9755992431f961b7e281c0a46 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.Shared.dll
MD5: a1d53d8d8faee0033df98079a9197bdc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.Shared.Private.dll
MD5: 7c3ac676585fde54dcd9aef689333c2b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
MD5: fccbcb1f75528ca27a72f04a71e4dc09 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
MD5: d93affaa6d03c21d4da4735ae4986a83 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
MD5: 9a7f6b70939124bc0469db3ec6b99963 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: 6db95ec55124d7ddf4b1bab82f71903d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
MD5: 0deab952a0a36abcb6270fe45d3cace1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll
MD5: 2e7fab502a8615b1aab0eab35afbca3b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
MD5: 40261429e4139a04d27bc9489f3ed7eb C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
MD5: 5c281ffe91b8639a7448fcec5754e123 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
MD5: 7f9a009e33940087fde0fa25d8aa5706 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
MD5: 0386fad4fee556be7c263dd397d30e75 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
MD5: acfd0d2cd67c478673f2eab1cb4d9d79 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
MD5: 258c457aed786e5f6360a8472bf6c176 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
MD5: 9e897687058f8a8d95ce888ac6835ad7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
MD5: a5c47c3e4d34aba18bee65674e53516c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
MD5: 1bf1820b86f4921d42d74c922044ac18 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Interop.WBOCXLib.dll
MD5: a82e273117d752d5fff56c8a1539a995 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
MD5: 25c87a759cf5342b4246fe1910c65a63 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
MD5: 93dabc67a21027d7d8bfe26a11ca6ca5 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
MD5: 4ee569684bc0bb518dd5c098ba1a75a0 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
MD5: e7704cbf568815c1caa6e513387bd3f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
MD5: bc738d32809886f58cefc7c4534a857c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
MD5: 1ea7db8a1c29f03a6639b47e920b94fa C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
MD5: 3b735b15c804396e071bdab4ce963710 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
MD5: 892f8b08f1a7b09b7afb1fce5bbc5836 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
MD5: d7aab510cc70e3b9863098463774965e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
MD5: dbbb63fe48c45f441f0165ffaa9a0ead C:\Program Files\AVAST Software\Avast\1033\Base.dll
MD5: e5a781e810109d38069e73659028c008 C:\Program Files\AVAST Software\Avast\1033\UILangRes.dll
MD5: 66e311cd6a9fba55aaf6d26e8199bffa C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MD5: a718f0be9356554342ce7ba1d18fff5c C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MD5: 47b1859a7114ba2cec510e9fdbd7e07f C:\Program Files\AVAST Software\Avast\AhAScr.dll
MD5: 6c82672611e42577b2b07a49e72985bb C:\Program Files\AVAST Software\Avast\AhResBhv.dll
MD5: 981982e3a175f931dc60107ef74f54e3 C:\Program Files\AVAST Software\Avast\AhResJs.dll
MD5: dab8f3fce714a6d675e3d036e69cf373 C:\Program Files\AVAST Software\Avast\AhResMai.dll
MD5: 1eebea23ace1889d6ba1c1c7d37cd11b C:\Program Files\AVAST Software\Avast\AhResMes.dll
MD5: 7aa9d8c998a267ce5caa4e903caed4d0 C:\Program Files\AVAST Software\Avast\AhResNS.dll
MD5: 8a88089916efdd23157dbb4a9e79dd1b C:\Program Files\AVAST Software\Avast\AhResP2P.dll
MD5: c5cc2862c4f081efe0e8c1a81f1f6125 C:\Program Files\AVAST Software\Avast\AhResStd.dll
MD5: 8bd3aa83d4b9dbb922cf1655ae388d09 C:\Program Files\AVAST Software\Avast\AhResWS.dll
MD5: a33de5c0c163d77b0c8ca6eb02b82f12 C:\Program Files\AVAST Software\Avast\ashBase.dll
MD5: 1a8e2109eec95e3f721cca31e472eab0 C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
MD5: 17154c42a5456364fa347e3ead7a6d2c C:\Program Files\AVAST Software\Avast\ashServ.dll
MD5: 8031ca4620cdfc2f11d0c6ac1615a825 C:\Program Files\AVAST Software\Avast\ashShell.dll
MD5: 2be6e4e89ec6427d714452310ba85c60 C:\Program Files\AVAST Software\Avast\ashTask.dll
MD5: 3d1aeb7286494687b1c8c0f8bd8f2970 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MD5: d1ab297ac3b2e8e7331be1431a6c91e3 C:\Program Files\AVAST Software\Avast\ashWebSv.dll
MD5: bd55cc542e83a1b269b83ee852303d23 C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
MD5: d7c07dbbbfb79da44c1e48ee9b1e8114 C:\Program Files\AVAST Software\Avast\aswAux.dll
MD5: 9cc01ae4fa1b79199ad6ad3c6b1c0a7b C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MD5: 5219f4819c46e3b19ae7d60b03266db4 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MD5: 2dad4523a6374bd027b1788840e44c26 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MD5: 2ef0199d5ea4b05cbd7bf5b33ab624d0 C:\Program Files\AVAST Software\Avast\aswData.dll
MD5: b5f186d148edd7a29d9169b8fcff281e C:\Program Files\AVAST Software\Avast\aswDld.dll
MD5: ec2b57d3be2a5fa938d50bf9d5c52f0b C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MD5: 8e3c04cb60d582ee0bb95245afbfc986 C:\Program Files\AVAST Software\Avast\aswIdle.dll
MD5: a96991acc3db5c73aeb0e2cdc7f6b19d C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MD5: 586faeeee2dbd8364f174254bf5d65fe C:\Program Files\AVAST Software\Avast\aswLog.dll
MD5: 302eda53097b7e1d56b221485ea63ac5 C:\Program Files\AVAST Software\Avast\aswProperty.dll
MD5: 3eafd8472ac9802260dd206569eeebd9 C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MD5: 067232b48472353aa5391f696b53f521 C:\Program Files\AVAST Software\Avast\aswStrm.dll
MD5: 76315880bb6688e840b4d93e134a6765 C:\Program Files\AVAST Software\Avast\aswUtil.dll
MD5: 5bda46ace462ab52f79a3ea45f513cf8 C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
MD5: c76769f246250edad34a5581419e9d60 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: e2b4488830b9f047930bb5fe0e4fd71b C:\Program Files\AVAST Software\Avast\AvastUI.exe
MD5: ec8ef68b248c17218e6060d5837a45e4 C:\Program Files\AVAST Software\Avast\CommonRes.dll
MD5: 1b80ba51029e2d7889b16740835333d7 C:\Program Files\AVAST Software\Avast\defs\11102001\algo.dll
MD5: 8f9112cf6dc4bf1a22ff80fc43111b37 C:\Program Files\AVAST Software\Avast\defs\11102001\arPot.dll
MD5: f71126735b75672c044b1181dcf6a618 C:\Program Files\AVAST Software\Avast\defs\11102001\aswCmnBS.dll
MD5: e3e8bc6b2d6cd2cf0d99355e76c89166 C:\Program Files\AVAST Software\Avast\defs\11102001\aswCmnIS.dll
MD5: 534f0fa25bcd9398103428164bb81479 C:\Program Files\AVAST Software\Avast\defs\11102001\aswCmnOS.dll
MD5: 3558754e54dd399184b9677190d3ac7a C:\Program Files\AVAST Software\Avast\defs\11102001\aswEngin.dll
MD5: 1919a92b594b687ff46dc0cbcaf3264e C:\Program Files\AVAST Software\Avast\defs\11102001\aswRep.dll
MD5: 00f8c414b807924fdc8fbe9683be72fd C:\Program Files\AVAST Software\Avast\defs\11102001\aswScan.dll
MD5: afc8ed3ab0a8b4ac5f2fbc1f9cca4b30 C:\Program Files\AVAST Software\Avast\defs\11102001\uiExt.dll
MD5: 7b809dac75fe322aa789c5d0dc3f6a34 C:\Program Files\AVAST Software\Avast\snxhk.dll
MD5: 7db297fdfa8fa15b540c2a923f3abc2e c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
MD5: c0ead9f8ab83d41ff07303c75589c2b8 C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
MD5: fb4c7b747d17882f8c5e3644cf07012f C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
MD5: 6e1f534ea74f693cd99733494ee63ab8 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
MD5: 36143067e041a98083fb204dac49293c C:\Program Files\dcmsvc\dcmsvc.exe
MD5: 8eb0a2a9040cf4b66690fc80ca355902 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 1115eea4ae0da72e416b210adba424a2 C:\Program Files\Internet Explorer\xpshims.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: 344f1dca40af0304619d32f9569427dc C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
MD5: 6fbb5678cd74cffadb360ce2c00a464c C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll
MD5: a505d809c1e63e963668993e598f6bc0 C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MD5: d49a19d8d27b1fe7761ba3c11fc9a149 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MD5: 516fd7927172bbbe2d335ea94d816b9e C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MD5: a093e1fd3d1338d3c0ef45df07e18462 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MD5: 5f37bc7efa94df2cceba0220641834a6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MD5: f8a84311b7f3adc0732fca6774622b2f C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MD5: 5f4ddb1a6d77eba78b408b8016b10d43 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MD5: 01d92f377f7afa834b4a3be41a28fd17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MD5: 7400c2b29c0024ebc98b94f3ae6034d5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MD5: f0aff96456d7f1427c804b779e9c79bd C:\WINDOWS\CTDCRES.DLL
MD5: 6a3ad6dabe21b7f0d19c3072c02f9d52 C:\WINDOWS\Downloaded Program Files\CTPIDPDE.ocx
MD5: 823451876778f382b23afe20ef2ddc20 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 2bac92e8ac5e16ed60062e9141b8d5f6 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: bf88feadc7786ea328bdcc5cb116de89 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 59e3a980f3485b30ce9a987e469b41c5 C:\WINDOWS\system32\Ati2edxx.dll
MD5: f5cd05d910bbb92d8d8bf619cb959c74 C:\WINDOWS\system32\Ati2evxx.dll
MD5: 7c972863197eae82f1b0a927179c37d5 C:\WINDOWS\system32\ati2evxx.exe
MD5: 062a7bf23c98419c64f42ed6161d8b05 C:\WINDOWS\system32\atiadlxx.dll
MD5: 9117aaa6b7685a60226c85512de00cb1 C:\WINDOWS\system32\atipdlxx.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: be369da2dda97258303abf1b36b40fa4 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll
MD5: 6d46d7472cd3ca3303409dfde227fd66 C:\WINDOWS\system32\ctagent.dll
MD5: c3a3af562ad5e1186cd0b4a32aa7aa35 C:\WINDOWS\SYSTEM32\CTDC0001.DLL
MD5: 84d2839dc7e6bee33be189c647e77089 C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL
MD5: 187986f58a45421a28d3957645261bbf C:\WINDOWS\SYSTEM32\CTDPROXY.DLL
MD5: 9ee38b5af893d1cc8955b6bcdf5e758d C:\WINDOWS\system32\CtHelper.exe
MD5: 32d23b61cac5a2b40ed8d782f6cebb2c C:\WINDOWS\SYSTEM32\ctosuser.dll
MD5: 02f8ef97bd45c1e356feb9de116ceba4 C:\WINDOWS\system32\ctspkhlp.dll
MD5: ba4fae191f66b1183ec5fc8f3d9ec4ff C:\WINDOWS\system32\CTSVCCDA.EXE
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 8e280e25a7a3ca8f5f35946cdf41d434 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: dc6957811ff95f2dd3004361b20d8d3f C:\WINDOWS\system32\drivers\AtiHdmi.sys
MD5: ef44c32b1aef62380426b260bf2c66f1 C:\WINDOWS\system32\drivers\COMMONFX.SYS
MD5: 357c534b38019b597f51c8bf7186c118 C:\WINDOWS\system32\drivers\ctac32k.sys
MD5: 691f8259a1f9c983356d8db2cde8043c C:\WINDOWS\system32\drivers\ctaud2k.sys
MD5: 7fc78aa6521ef3d9f16e51efab0bf13b C:\WINDOWS\system32\drivers\CTAUDFX.SYS
MD5: 8545d70b0335a05498f34e7e3f8ca9a2 C:\WINDOWS\system32\drivers\ctdvda2k.sys
MD5: 16f448354067914e7deaea709011bd60 C:\WINDOWS\system32\drivers\CTERFXFX.SYS
MD5: b4f6b60feed3eb5f85be85e8fa4c0cc1 C:\WINDOWS\system32\DRIVERS\ctgame.sys
MD5: ae896073e1bbf98fefc2ec52f62c0fba C:\WINDOWS\system32\drivers\ctoss2k.sys
MD5: 4d71541283aea28fb839007be90b5fc7 C:\WINDOWS\system32\drivers\ctprxy2k.sys
MD5: 64c83684661be137023f5186a612cf34 C:\WINDOWS\system32\drivers\CTSBLFX.SYS
MD5: 632194572ebde8d461728cf382a7e964 C:\WINDOWS\system32\drivers\ctsfm2k.sys
MD5: bacd9cc06d7a787e529e7ebf56b671aa C:\WINDOWS\system32\drivers\emupia2k.sys
MD5: 57c171ea22f0a7f068fcb0caedd1e8e7 C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
MD5: f44461e66f1b7dd267957fe9baa63ed0 C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
MD5: 61a973f60e94a551ba7b15f3460444fb C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
MD5: f547f862b8907f1bcbd9b72a72a6449e C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
MD5: fb54f67974d13d73be3e2f1df042d295 C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
MD5: 70606233f3ed0e53cb3ea17f846d6a4f C:\WINDOWS\system32\drivers\ha10kx2k.sys
MD5: a0c69ad2a61e576b0207acdd9626e167 C:\WINDOWS\system32\drivers\hap16v2k.sys
MD5: 2ee89452c574d259ada4fc9fc1c07243 C:\WINDOWS\system32\drivers\hap17v2k.sys
MD5: 4e10e84320a8ec1c12bd0d00973b22ab C:\WINDOWS\system32\drivers\mdvrmng.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: a5d4eae27e68625296d685a786897491 C:\WINDOWS\system32\DRIVERS\yk51x86.sys
MD5: b20dd954d1ad81e47018a2033e233a32 C:\WINDOWS\system32\E_FLBFBE.DLL
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll
MD5: 0217cd51d55ca3e693a682664d3de2bf C:\WINDOWS\system32\ieframe.dll
MD5: aaf56985933f7d3e953e1b994d22e4f4 C:\WINDOWS\system32\iepeers.dll
MD5: 7cfdeb1560eacad6006d653ec55d12d0 C:\WINDOWS\system32\iertutil.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\System32\logon.scr
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.dll
MD5: 9e0d70607f833470963672d170bc035d C:\WINDOWS\system32\msfeeds.dll
MD5: 4963cb503600fc3bcbdbfba51fba1fac C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 140ef97b64f560fd78643cae2cdad838 C:\WINDOWS\system32\mspmsnsv.dll
MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: cec69248edffdd62b3d79ddcdcc89c21 C:\WINDOWS\SYSTEM32\PIAPROXY.DLL
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\ati2evxx.exe

Upload started - 2 file(s)
CTAudSvc.exe (286720)
ati2evxx.exe (647168)
Upload speed - 30 KB/s
Upload finished - 2 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 31 sec
Total traffic - 0.92 MB sent, 1.15 KB recvd
Scanned 682 files and modules - 67 seconds

==============================================================================

Procexp Log

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 98.44 0 K 28 K
procexp.exe 1288 1.56 11,376 K 15,988 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 1620 2,492 K 4,504 K Windows Update Microsoft Corporation
wmiprvse.exe 136 2,692 K 5,372 K WMI Microsoft Corporation
winlogon.exe 756 8,916 K 6,788 K Windows NT Logon Application Microsoft Corporation
wdfmgr.exe 1884 1,796 K 2,308 K Windows User Mode Driver Manager Microsoft Corporation
Warner Bros. Digital Copy Manager.exe 1012 39,212 K 47,120 K
System 4 0 K 256 K
svchost.exe 1180 23,088 K 35,104 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1004 3,292 K 5,372 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1072 2,116 K 4,828 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1268 1,640 K 4,112 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1368 5,472 K 7,444 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 120 1,636 K 4,336 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 3652 1,864 K 3,968 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 284 3,580 K 5,468 K Spooler SubSystem App Microsoft Corporation
smss.exe 664 176 K 432 K Windows NT Session Manager Microsoft Corporation
services.exe 800 2,080 K 4,016 K Services and Controller app Microsoft Corporation
notepad.exe 172 1,372 K 588 K Notepad Microsoft Corporation
MOM.exe 1916 25,304 K 4,108 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
lsass.exe 812 4,248 K 968 K LSA Shell (Export Version) Microsoft Corporation
iexplore.exe 2384 134,588 K 148,592 K Internet Explorer Microsoft Corporation
iexplore.exe 3168 11,492 K 4,768 K Internet Explorer Microsoft Corporation
iexplore.exe 3924 82,992 K 92,520 K Internet Explorer Microsoft Corporation
iexplore.exe 1284 70,248 K 78,636 K Internet Explorer Microsoft Corporation
explorer.exe 540 19,656 K 30,244 K Windows Explorer Microsoft Corporation
dcmsvc.exe 1940 912 K 2,580 K
CTSVCCDA.EXE 516 708 K 1,856 K Creative Service for CDROM Access Creative Technology Ltd
CtHelper.exe 1896 4,192 K 6,736 K CtHelper Application Creative Technology Ltd
ctfmon.exe 596 1,188 K 3,732 K CTF Loader Microsoft Corporation
CTAudSvc.exe 116 1,132 K 3,208 K Creative Audio Service Creative Technology Ltd
csrss.exe 716 1,732 K 4,120 K Client Server Runtime Process Microsoft Corporation
CCC.exe 2116 41,484 K 12,340 K Catalyst Control Center: Host application ATI Technologies Inc.
BecHelperService.exe 1508 1,640 K 5,628 K
AvastUI.exe 1956 4,540 K 3,076 K avast! Antivirus AVAST Software
AvastSvc.exe 1512 12,000 K 1,328 K avast! Service AVAST Software
ati2evxx.exe 984 2,224 K 3,832 K ATI External Event Utility EXE Module ATI Technologies Inc.
ati2evxx.exe 1536 2,960 K 5,396 K ATI External Event Utility EXE Module ATI Technologies Inc.
alg.exe 2944 1,468 K 4,072 K Application Layer Gateway Service Microsoft Corporation


Windows Update does seem to be running in the background but it is repeatedly attempting to install "Windows Malicious Software Removal Tool". The install completes successfully, then a few seconds later it is ready to be installed again.

Thanks
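The two listings in the post above (OTL's per-module MD5 lines and the Process Explorer text dump) are what a malware helper reads by hand to find processes with no publisher string and modules that nobody has vouched for. The script below is an added example, not part of this thread and not code from OTL, Process Explorer or Geeks to Go; it parses those two plain-text formats and applies both checks. The sample lines are copied from the logs above; the `KNOWN_GOOD_MD5` set is constructed for illustration only and is not a real whitelist, and the regexes assume the column layout shown in these particular logs.

```python
"""Triage helpers for OTL "MD5:" lines and Process Explorer text dumps.

Added example (not from the forum thread or the tools themselves). Applies
two checks an analyst does by eye: which running processes carry no
description/company text, and which listed module hashes are not in a
known-good set and therefore still need a hash lookup.
"""
import re
from typing import Dict, List, Set, Tuple

# Process Explorer "Save As" text: Name PID [CPU] PrivateBytes WorkingSet [Description Company]
# CPU is missing for idle processes, so it is optional; "< 0.01" also occurs.
_PROCEXP_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu>< ?[\d.]+|[\d.]+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K"
    r"(?:\s+(?P<rest>.*\S))?\s*$"
)

# OTL server-side scan section: "MD5: <32 hex chars> <path>"
_OTL_MD5_RE = re.compile(r"^MD5:\s+(?P<md5>[0-9a-fA-F]{32})\s+(?P<path>\S.*\S)\s*$")

# Kernel pseudo-processes that legitimately show no company name.
_KERNEL_PSEUDO = {"System", "System Idle Process", "Interrupts"}

# Constructed sample input: lines copied from the Procexp log in the post above.
SAMPLE_PROCEXP = """Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 98.44 0 K 28 K
procexp.exe 1288 1.56 11,376 K 15,988 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 1620 2,492 K 4,504 K Windows Update Microsoft Corporation
Warner Bros. Digital Copy Manager.exe 1012 39,212 K 47,120 K
System 4 0 K 256 K
dcmsvc.exe 1940 912 K 2,580 K
BecHelperService.exe 1508 1,640 K 5,628 K
AvastSvc.exe 1512 12,000 K 1,328 K avast! Service AVAST Software
"""

# Constructed sample input: lines copied from the OTL MD5 listing in the post above.
SAMPLE_OTL = r"""MD5: c76769f246250edad34a5581419e9d60 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: 36143067e041a98083fb204dac49293c C:\Program Files\dcmsvc\dcmsvc.exe
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
"""

# Hypothetical known-good set, constructed for the example; NOT a real whitelist.
KNOWN_GOOD_MD5: Set[str] = {
    "c76769f246250edad34a5581419e9d60",  # AvastSvc.exe as listed above
    "f8f0d25ca553e39dde485d8fc7fcce89",  # ntdll.dll as listed above
}


def parse_procexp(text: str) -> List[Dict[str, object]]:
    """Parse Process Explorer text rows; header and unrecognised lines are skipped."""
    rows: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = _PROCEXP_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "name": m["name"],
            "pid": m["pid"],
            "cpu": m["cpu"] or "",
            "private_kb": int(m["priv"].replace(",", "")),
            "ws_kb": int(m["ws"].replace(",", "")),
            # Description and Company are space-separated and cannot be split
            # reliably; for triage it is enough to know whether either is present.
            "publisher_text": m["rest"] or "",
        })
    return rows


def unattributed_processes(text: str) -> List[Tuple[str, str]]:
    """(name, pid) of every process with an empty Description/Company column."""
    return [(str(r["name"]), str(r["pid"])) for r in parse_procexp(text)
            if not r["publisher_text"] and r["name"] not in _KERNEL_PSEUDO]


def parse_otl_md5(text: str) -> Dict[str, str]:
    """Map file path -> lowercase MD5 from OTL's module hash listing."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        m = _OTL_MD5_RE.match(line.strip())
        if m:
            out[m["path"]] = m["md5"].lower()
    return out


def unverified_modules(hashes: Dict[str, str], known_good: Set[str]) -> List[str]:
    """Paths whose MD5 is not vouched for; these are the ones to submit for a hash lookup."""
    return sorted(path for path, md5 in hashes.items() if md5 not in known_good)


if __name__ == "__main__":
    for name, pid in unattributed_processes(SAMPLE_PROCEXP):
        print(f"no publisher string: {name} (PID {pid})")
    for path in unverified_modules(parse_otl_md5(SAMPLE_OTL), KNOWN_GOOD_MD5):
        print(f"hash not vouched for: {path}")
```

Against the sample rows, the unattributed list is the three entries a helper would ask about first (the Warner Bros. manager, dcmsvc.exe and BecHelperService.exe); the kernel pseudo-processes are excluded because they never carry a company string. An empty publisher column is a prompt for a closer look, not proof of malice, and a matching known-good hash only proves the bytes are what you expected, so treat both outputs as a worklist.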

#12
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
See if you can download and run it yourself:

http://www.microsoft...ails.aspx?id=16

Ron

#13
amberleaf


    Member

  • Topic Starter
  • Member
  • 14 posts
Downloaded it and ran it. Is still attempting to install it repeatedly via automatic updates.

Something is severely draining my bandwidth too.

Thanks

#14
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
See if http://support.microsoft.com/kb/910339 will help. When I went to it, it offered to run a Fix-it program to clean up the problem.

#15
amberleaf


    Member

  • Topic Starter
  • Member
  • 14 posts
Hi, yeah, I tried that Microsoft fix and it is still coming up for install. I will read through the Microsoft forums and try to sort the issue out. From what I gather it's quite a common problem.

Something is still draining my bandwidth though, very slow a lot of the time. Really sorry to be a nuisance.. Here is an updated OTL log if that helps at all?

Thanks


OTL logfile created on: 10/21/2011 20:57:20 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.47% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 36.52 Gb Free Space | 47.63% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.78 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 953.73 Mb Total Space | 824.73 Mb Free Space | 86.47% Space Free | Partition Type: FAT

Computer Name: ORGANIZA-49CABA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 18:17:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/10/19 18:25:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/10/18 14:57:50 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/10/18 14:57:50 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2011/10/17 18:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/08 17:04:02 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/21 20:09:55 | 001,600,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11102101\algo.dll
MOD - [2011/10/21 14:48:06 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11102101\aswRep.dll
MOD - [2011/10/21 13:05:34 | 001,599,488 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11102100\algo.dll
MOD - [2011/10/21 12:48:22 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/21 12:48:22 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/21 12:22:11 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/21 12:22:11 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/20 18:06:39 | 001,599,488 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11102002\algo.dll
MOD - [2011/10/20 00:24:36 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11102100\aswRep.dll
MOD - [2011/10/20 00:24:36 | 000,239,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11102002\aswRep.dll
MOD - [2011/10/18 14:57:50 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2011/07/08 17:04:02 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/10/20 18:17:44 | 000,067,024 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/10/18 14:57:50 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2011/10/18 14:57:50 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/08 16:15:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/16 17:48:30 | 000,059,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/20 03:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/10/19 18:15:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD9530E-F597-4DD4-9B50-E7F7B95E7D81}: NameServer = 145.253.2.11,194.168.4.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ADB3A2D-30BE-4420-B9AE-E0C3ABDF3DF9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/07 13:27:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/21 15:11:43 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 16:06:19 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\FixitCenter_Run.exe
[2011/10/21 12:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
[2011/10/21 12:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/21 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/21 12:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/21 12:21:03 | 012,866,632 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Admin\Desktop\SUPERAntiSpyware.exe
[2011/10/21 11:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/10/21 11:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/10/21 11:14:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/21 01:16:21 | 071,661,064 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\msert.exe
[2011/10/21 01:09:32 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\MicrosoftFixit.wu.Run.exe
[2011/10/21 01:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ElevatedDiagnostics
[2011/10/21 01:06:13 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/10/21 01:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/21 01:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/10/20 19:41:35 | 015,293,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\windows-kb890830-v4.1.exe
[2011/10/20 18:17:40 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/10/20 18:17:40 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/10/20 18:17:40 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/10/20 18:17:40 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/10/20 18:17:40 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/10/20 18:17:38 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/10/20 18:17:38 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/10/20 18:17:38 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/10/20 18:17:38 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/10/20 18:17:38 | 000,103,888 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/10/20 18:17:38 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/10/20 18:17:38 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/10/20 17:20:14 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Admin\Desktop\procexp.exe
[2011/10/20 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/20 13:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/20 13:59:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/20 13:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 13:59:02 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 10:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/20 10:08:14 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/20 10:08:14 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/20 10:08:12 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/20 10:08:12 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/20 10:08:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/20 10:08:11 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/20 10:08:11 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/20 10:08:11 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/20 10:07:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/20 10:07:54 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/19 21:33:48 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Admin\Desktop\VEW.exe
[2011/10/19 21:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/19 18:25:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/19 18:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/19 14:39:56 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2011/10/19 14:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\tdsskiller
[2011/10/19 14:04:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2011/10/19 14:02:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/19 13:59:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/19 13:59:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/19 13:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/19 13:59:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/19 13:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 13:57:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/19 13:56:20 | 004,268,137 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/10/19 13:55:38 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2011/10/18 15:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2011/10/18 15:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/10/18 15:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/18 14:46:03 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HousecallLauncher.exe
[2011/10/18 14:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/18 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/18 14:35:46 | 000,603,648 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Admin\Desktop\STOPzilla_Setup.exe
[2011/10/18 14:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/18 14:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/18 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/18 14:23:25 | 038,357,400 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Admin\Desktop\spdoc.exe
[2011/10/18 10:58:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/10/18 10:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011/10/18 10:41:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/10/18 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/10/18 10:41:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/10/18 10:41:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/10/18 10:41:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/10/18 10:41:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/10/18 10:41:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/10/18 10:41:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/10/18 10:41:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/10/18 10:41:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/10/18 10:41:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/10/18 10:41:00 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/10/18 10:41:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/10/18 10:41:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/10/18 10:41:00 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/10/18 10:40:59 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/10/18 10:40:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/10/18 10:40:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/10/18 10:40:58 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/10/18 10:40:58 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/10/18 10:40:58 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/10/18 10:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/10/18 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/18 09:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/27 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\uPlayer
[2011/09/27 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\uPlayer
[2011/09/27 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2011/09/27 21:04:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2011/09/26 12:21:00 | 000,061,328 | R--- | C] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\SZKG.sys
[2011/09/26 12:21:00 | 000,061,328 | R--- | C] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\is3srv.sys
[2011/09/22 21:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Skype
[2011/09/22 21:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/09/22 21:37:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/09/22 21:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/09/22 21:34:42 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/21 16:06:19 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\FixitCenter_Run.exe
[2011/10/21 12:59:25 | 000,000,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/10/21 12:49:12 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/10/21 12:48:09 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/21 12:47:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 12:46:19 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/21 12:46:19 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/21 12:46:19 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/21 12:46:19 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/21 12:46:19 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-10071102}.rfx
[2011/10/21 12:45:47 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10071102}.CDF
[2011/10/21 12:45:47 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10071102}.BAK
[2011/10/21 12:21:32 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/21 12:21:03 | 012,866,632 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Admin\Desktop\SUPERAntiSpyware.exe
[2011/10/21 10:38:50 | 004,268,137 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/10/21 01:16:35 | 071,661,064 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\msert.exe
[2011/10/21 01:09:36 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\MicrosoftFixit.wu.Run.exe
[2011/10/20 21:46:26 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\World of Warcraft.lnk
[2011/10/20 19:41:35 | 015,293,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Desktop\windows-kb890830-v4.1.exe
[2011/10/20 18:17:40 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/10/20 18:17:40 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/10/20 18:17:40 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/10/20 18:17:40 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/10/20 18:17:40 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/10/20 18:17:38 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/10/20 18:17:38 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/10/20 18:17:38 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/10/20 18:17:38 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/10/20 18:17:38 | 000,103,888 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/10/20 18:17:38 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/10/20 18:17:38 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/10/20 17:20:14 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Admin\Desktop\procexp.exe
[2011/10/20 13:59:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 13:59:02 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 10:08:15 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/20 10:08:12 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/20 09:57:21 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\setup_av_free_cnet.exe
[2011/10/19 21:33:48 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Admin\Desktop\VEW.exe
[2011/10/19 21:17:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2011/10/19 18:25:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/10/19 18:15:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/19 14:39:58 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2011/10/19 14:33:56 | 001,540,631 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/10/19 14:02:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/19 13:55:38 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2011/10/18 18:44:54 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Internet Explorer Troubleshooting.url
[2011/10/18 18:35:24 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/18 15:59:31 | 000,246,439 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\census.cache
[2011/10/18 15:59:30 | 000,183,580 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\ars.cache
[2011/10/18 15:51:55 | 000,000,610 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2011/10/18 15:19:09 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/10/18 15:19:09 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/10/18 14:46:25 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2011/10/18 14:46:17 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HousecallLauncher.exe
[2011/10/18 14:35:51 | 000,603,648 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Admin\Desktop\STOPzilla_Setup.exe
[2011/10/18 14:25:06 | 000,643,236 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/18 14:23:31 | 038,357,400 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Admin\Desktop\spdoc.exe
[2011/10/18 10:03:34 | 001,264,572 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Red_Faction_Guerrilla_keygen.exe
[2011/10/16 12:10:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/16 00:39:37 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 00:39:37 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 00:36:10 | 048,324,552 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/03 09:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/27 21:12:07 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\uPlayer.lnk
[2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\SZKG.sys
[2011/09/26 12:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) -- C:\WINDOWS\System32\drivers\is3srv.sys
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/22 21:37:36 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/22 21:35:25 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 12:59:15 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/10/21 12:49:08 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/10/21 12:21:32 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/20 13:59:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 10:08:15 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/20 09:57:19 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\setup_av_free_cnet.exe
[2011/10/19 14:44:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2011/10/19 14:34:26 | 001,540,631 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2011/10/19 14:02:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/19 14:02:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/19 13:59:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/19 13:59:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/19 13:59:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/19 13:59:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/19 13:59:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/18 18:44:54 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Internet Explorer Troubleshooting.url
[2011/10/18 15:05:19 | 004,931,577 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10071102}.BAK
[2011/10/18 15:00:20 | 000,000,610 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2011/10/18 14:57:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/10/18 14:57:50 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/10/18 14:53:03 | 000,246,439 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\census.cache
[2011/10/18 14:52:58 | 000,183,580 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\ars.cache
[2011/10/18 14:46:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2011/10/18 14:24:55 | 000,643,236 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/18 10:03:26 | 001,264,572 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Red_Faction_Guerrilla_keygen.exe
[2011/09/27 21:12:07 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\uPlayer.lnk
[2011/09/22 21:37:36 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/15 16:52:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2011/09/07 16:27:42 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2011/09/07 16:27:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/09/03 11:37:17 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 17:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2011/08/06 20:48:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/08 17:24:46 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2011/06/08 14:59:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/06/08 14:59:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/06/08 14:59:46 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/08 14:59:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/07 13:33:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/07 13:32:42 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/07 12:55:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 12:49:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/02 23:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/05/02 23:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/05/02 21:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/05/02 21:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/05/02 21:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/18 22:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/03/18 22:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/03/18 22:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/03/18 22:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/03/18 22:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/03/18 22:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/03/18 22:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/03/03 12:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 12:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 12:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 12:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 12:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 12:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 12:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 12:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 12:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 12:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 12:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 12:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 12:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/22 20:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/22 20:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/18 20:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/03/18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/03/18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/03/18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/03/18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/08/11 22:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 22:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/05/20 13:04:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\spdifer_config.exe
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/27 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 13:00:00 | 000,433,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 13:00:00 | 000,067,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 05:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >