WinAntivirus 2004

#1
Draconian

  • Member
  • 38 posts
I was reading several posts on different subjects and decided to do the OTL log thingy. When I was rummaging around in my user App data folder I noticed a folder named "Vantage Software". When I opened the folder I found another folder named "WinAntivirus 2004". I remembered seeing something about this in another post and decided to find out if this was legit or if in fact I have a problem. I have been dealing with 100% CPU usage, predominantly when I'm on the internet, and figured, what the heck, I probably have multiple problems, so here goes.

Here's the OTL log file.

OTL logfile created on: 7/17/2012 8:49:57 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.81% Memory free
2.60 Gb Paging File | 2.03 Gb Available in Paging File | 77.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 437.88 Gb Free Space | 94.02% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 134.70 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
Drive G: | 1.88 Gb Total Space | 0.69 Gb Free Space | 36.76% Space Free | Partition Type: FAT

Computer Name: DAVID | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 15:37:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources\OTL.exe
PRC - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/17 02:34:02 | 001,783,808 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071700\algo.dll
MOD - [2011/07/18 16:04:08 | 000,296,448 | ---- | M] () -- F:\Notepad++\NppShell_04.dll
MOD - [2010/08/15 17:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/10/20 20:56:48 | 000,098,304 | ---- | M] () -- C:\Program Files\Photo Toolkit\IvBar\ivbshlext.dll
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 10:28:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbcm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (motmodem)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GenericMount)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/18 12:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/11/25 18:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/10/22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/06 17:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/05/14 14:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 14:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 14:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 14:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002/08/28 21:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=MIE8HMPG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {2960D57E-094E-47A5-8F3B-A7BBDE375EAB}
IE - HKCU\..\SearchScopes\{2960D57E-094E-47A5-8F3B-A7BBDE375EAB}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: F:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/08/12 05:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/09/06 08:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/26 12:06:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2006/10/12 18:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2006/10/12 18:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2006/02/13 13:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2009/11/22 17:01:09 | 000,001,216 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: secureserver.net ([email02] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secureserver.net ([www.email] * in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zone...ctor/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx (NOXLATE)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...672/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx (AcPreview Control)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30FCCDDE-040C-4283-9638-C9C10CDA4B34}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E385A1-391A-4D1F-BA3E-CFB3B6AD1F99}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - http://cdn.fastclick.../media46462.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Dark Hex.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dark Hex.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/16 10:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\UltraDefrag
[2012/07/16 10:23:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2012/07/14 11:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Quarantine items
[2012/07/14 09:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/13 15:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
[2012/07/12 11:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Tiles from Images
[2012/07/09 16:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Keepers
[2012/07/04 08:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Music Downloads
[2012/07/02 07:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\GnomeWallpapers
[2012/07/02 06:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Theme Making
[2012/06/30 17:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Patterns
[2012/06/29 14:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/06/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PS Workaround
[2012/06/27 16:56:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 12:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\FixCleaner
[2012/06/27 12:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2012/06/27 12:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/06/26 17:42:05 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2012/06/26 17:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2012/06/26 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\MM
[2012/06/26 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp Themes v1.0
[2012/06/26 11:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\FIXED_More_MM_Codes
[2012/06/26 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012/06/26 08:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/24 06:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\fontconfig
[2012/06/24 06:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\gegl-0.2
[2012/06/21 13:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Metal Samples
[2012/06/20 12:31:12 | 000,031,232 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/06/20 12:31:10 | 000,006,144 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/06/20 12:31:06 | 000,009,728 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/06/20 12:31:04 | 000,022,016 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/06/20 12:30:40 | 000,047,616 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/06/20 12:30:38 | 000,065,024 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/06/20 12:30:36 | 000,115,712 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[2012/06/19 07:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Lenses
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 08:40:22 | 000,008,094 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\OTL Error.jpg
[2012/07/17 08:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/17 08:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 06:09:46 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp Chat.url
[2012/07/16 21:19:25 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/07/16 16:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/16 10:58:13 | 000,000,837 | ---- | M] () -- C:\fraglist.luar
[2012/07/16 10:34:12 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraDefrag.lnk
[2012/07/16 09:27:58 | 000,003,038 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\fix_svchost.bat
[2012/07/16 08:48:33 | 000,438,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/16 08:48:33 | 000,070,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/16 08:44:57 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/16 08:44:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/16 07:34:23 | 000,849,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/15 07:07:12 | 000,239,538 | ---- | M] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/15 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2012/07/14 17:52:40 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/14 08:00:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/13 16:22:36 | 000,048,468 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:08:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 17:44:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/07/09 16:36:21 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/07 15:35:14 | 000,806,190 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Sector Nine Font.xcf
[2012/07/06 08:39:20 | 000,032,888 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2012/07/06 08:39:20 | 000,010,257 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/07/06 08:39:19 | 000,048,436 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2012/07/06 08:39:18 | 000,006,831 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2012/07/06 08:39:17 | 000,047,450 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2012/07/06 08:39:16 | 000,101,917 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2012/07/06 08:39:15 | 000,014,955 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2012/07/06 08:39:15 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2012/07/06 08:39:13 | 000,671,666 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/07/06 08:38:34 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2012/07/03 16:15:01 | 000,008,005 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gat_tools_0.zip
[2012/06/29 08:44:05 | 000,135,328 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/28 13:52:31 | 000,472,896 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Andrew Filmstrip.jpg
[2012/06/27 14:01:20 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2012/06/27 09:47:14 | 000,290,680 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:08 | 000,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:23:16 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2012/06/26 15:18:12 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/26 08:27:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2012/06/21 07:09:12 | 000,032,888 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.iain_fergusson.gmic
[2012/06/21 07:09:10 | 000,048,436 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.naggobot.gmic
[2012/06/21 07:09:09 | 000,006,831 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.gentlemanbeggar_gmic.gmic
[2012/06/21 07:09:07 | 000,100,488 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.tomkeil.gmic
[2012/06/21 07:09:06 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.ronounours.gmic
[2012/06/21 07:09:05 | 000,014,955 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.karos.gmic
[2012/06/21 07:09:03 | 000,604,277 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1500
[2012/06/20 16:13:35 | 000,659,130 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1510
[2012/06/20 12:31:12 | 000,031,232 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.exe
[2012/06/20 12:31:10 | 000,006,144 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\hibernate4win.exe
[2012/06/20 12:31:06 | 000,009,728 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\bootexctrl.exe
[2012/06/20 12:31:04 | 000,022,016 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\wgx.dll
[2012/06/20 12:30:48 | 000,093,696 | ---- | M] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/06/20 12:30:40 | 000,047,616 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\udefrag.dll
[2012/06/20 12:30:38 | 000,065,024 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\zenwinx.dll
[2012/06/20 12:30:36 | 000,115,712 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\System32\defrag_native.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 08:40:22 | 000,008,094 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\OTL Error.jpg
[2012/07/16 10:58:13 | 000,000,837 | ---- | C] () -- C:\fraglist.luar
[2012/07/16 10:34:12 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraDefrag.lnk
[2012/07/16 10:34:12 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraDefrag.lnk
[2012/07/16 09:28:04 | 000,003,038 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\fix_svchost.bat
[2012/07/15 07:07:12 | 000,239,538 | ---- | C] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/14 17:44:55 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/13 16:22:36 | 000,048,468 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:02:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/04 15:34:21 | 000,806,190 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Sector Nine Font.xcf
[2012/07/03 16:15:08 | 000,008,005 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gat_tools_0.zip
[2012/06/29 13:56:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/06/29 08:45:53 | 000,135,328 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/28 13:52:27 | 000,472,896 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Andrew Filmstrip.jpg
[2012/06/27 14:01:25 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2012/06/27 09:46:09 | 000,290,680 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:05 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:18:12 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2012/06/21 14:14:19 | 000,671,666 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/06/21 07:09:03 | 000,604,277 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1500
[2012/06/20 12:30:48 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2012/03/31 11:16:31 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/03/08 14:32:22 | 000,659,130 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1510
[2012/02/14 17:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 09:02:40 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_faves
[2012/01/20 12:18:45 | 000,667,109 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1509
[2011/12/31 13:06:33 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2011/12/31 13:06:32 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2011/12/31 13:06:31 | 000,047,450 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2011/12/31 13:06:31 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2011/12/31 13:06:30 | 000,101,917 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2011/12/31 13:06:29 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2011/12/31 13:06:29 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2011/12/31 13:06:10 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2011/12/31 13:05:36 | 000,656,734 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1508
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/16 13:41:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/16 13:40:55 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/12/11 09:22:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2011/11/06 23:47:05 | 000,651,432 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1506
[2011/10/26 12:35:47 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.iain_fergusson.gmic
[2011/10/26 12:35:21 | 000,639,002 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1505
[2011/10/21 07:58:05 | 000,160,467 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
[2011/10/13 11:04:08 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.naggobot.gmic
[2011/09/27 14:07:24 | 000,635,693 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1503
[2011/09/19 11:59:32 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gentlemanbeggar_gmic.gmic
[2011/09/08 16:36:47 | 000,100,488 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.tomkeil.gmic
[2011/09/08 16:36:47 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.photocomix.gmic
[2011/09/08 16:36:46 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.karos.gmic
[2011/09/08 16:36:46 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.ronounours.gmic
[2011/09/08 16:36:24 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_faves
[2011/08/29 17:01:21 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_sources.cimgz
[2011/08/10 13:34:07 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2011/06/27 10:40:31 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/27 10:40:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/27 10:40:24 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/27 10:40:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/27 10:40:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/16 08:02:24 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2011/06/16 08:02:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2011/06/07 07:41:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/01 06:50:42 | 000,000,742 | R--- | C] () -- C:\WINDOWS\MSPPWSV.ini
[2011/02/21 17:35:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011/02/18 15:12:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/07 12:09:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
[2010/10/06 12:28:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/20 09:03:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/11 07:54:13 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Dave\.gtk-bookmarks
[2009/10/31 15:10:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\setup_ldm.iss
[2009/10/22 08:21:18 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\QuickZip45.ini
[2009/05/01 12:06:36 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Dave\couponmanager.properties
[2008/12/10 20:18:50 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Dave\g2mdlhlpx.exe
[2007/01/20 13:18:54 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/01/06 16:59:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/26 07:21:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2005/03/23 19:20:37 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 04:42:51 | 000,009,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2002/01/01 00:12:13 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe

========== LOP Check ==========

[2010/07/08 07:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/18 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/05/13 19:12:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/17 15:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAZ 3D
[2009/10/29 08:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/07/07 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2011/03/08 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2012/03/17 03:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/06/27 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2005/07/07 15:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2011/02/21 17:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/09/07 09:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/08 16:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/07/10 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2009/12/29 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2007/02/03 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/02/03 13:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/13 19:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/12 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2009/10/31 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Summitsoft
[2011/06/22 15:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/08 06:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2012/05/09 11:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010/04/19 15:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/14 07:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Astro Gemini Software
[2010/06/18 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Autodesk
[2011/10/03 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Blender Foundation
[2010/08/12 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bytescout SWF To Video Scout
[2009/05/27 06:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2009/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.zipeg
[2010/07/10 19:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DarkWave Studio
[2012/02/17 15:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DAZ 3D
[2009/10/29 08:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DriverCure
[2011/06/22 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElementalsTheMagicKey
[2011/06/27 09:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2011/02/18 15:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EnchantedCavern
[2011/05/20 09:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileZilla
[2012/02/01 13:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Filter Forge Freepack 1 - Metals
[2012/06/27 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FixCleaner
[2009/09/25 09:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FrmMain
[2012/02/06 22:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GlarySoft
[2012/07/15 07:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2010/07/26 12:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\inkscape
[2006/04/16 11:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\InterVideo
[2005/06/26 07:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IsolatedStorage
[2002/01/12 23:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iSpring Solutions
[2010/10/07 14:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\kompozer.net
[2009/09/25 14:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2011/12/08 15:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MAGIX
[2011/06/27 16:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\motorola
[2005/05/16 18:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MSN Search Toolbar
[2010/07/08 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NCH Swift Sound
[2009/05/14 08:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NewSoft
[2011/11/12 16:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Notepad++
[2011/02/21 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Oberon Media
[2010/07/10 13:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PDF reDirect
[2012/02/20 17:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\pdfforge
[2010/12/29 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sahmon Games
[2009/05/13 19:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ScanSoft
[2008/09/19 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Softplicity
[2005/02/07 11:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\spweng
[2010/10/01 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Stellarium
[2009/10/29 19:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Summitsoft
[2004/02/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vantage Software
[2012/03/22 16:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Wings3D
[2002/01/04 01:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\XnView
[2002/01/11 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\YouSendIt
[2009/10/22 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Zipeg
[2012/07/15 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCAE5408
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83DE71AA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >


System info attached.

EDIT: I failed to include this error message when the OTL scan completed. Not sure what it's about. "Win32 Eror. Code:1500 The event log file is corrupted."


Edited by Draconian, 17 July 2012 - 12:56 PM.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, and sorry for the delay. Could I have a fresh look at the system?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.


#3
Draconian

    Member

  • Topic Starter
  • Member
  • 38 posts
Here's the recent OTL scan:

OTL logfile created on: 7/22/2012 4:43:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.82% Memory free
2.60 Gb Paging File | 2.28 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 436.77 Gb Free Space | 93.78% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 134.60 Gb Free Space | 90.31% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 15:37:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources\OTL.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/22 04:50:27 | 001,787,392 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12072200\algo.dll
MOD - [2012/05/15 05:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/07/18 16:04:08 | 000,296,448 | ---- | M] () -- F:\Notepad++\NppShell_04.dll
MOD - [2010/08/15 17:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/10/20 20:56:48 | 000,098,304 | ---- | M] () -- C:\Program Files\Photo Toolkit\IvBar\ivbshlext.dll
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 10:28:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbcm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (motmodem)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GenericMount)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/04/18 12:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/11/25 18:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/10/22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/06 17:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/05/14 14:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 14:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 14:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 14:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002/08/28 21:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=MIE8HMPG
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\SearchScopes,DefaultScope = {2960D57E-094E-47A5-8F3B-A7BBDE375EAB}
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\SearchScopes\{2960D57E-094E-47A5-8F3B-A7BBDE375EAB}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

IE - HKU\S-1-5-21-329068152-746137067-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: F:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/08/12 05:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/09/06 08:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/26 12:06:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2006/10/12 18:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2006/10/12 18:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2006/02/13 13:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2009/11/22 17:01:09 | 000,001,216 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\.DEFAULT..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz File not found
O4 - HKU\S-1-5-18..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz File not found
O4 - HKU\S-1-5-21-329068152-746137067-839522115-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-329068152-746137067-839522115-1004..\Run: [ATI Launchpad] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: secureserver.net ([email02] http in Trusted sites)
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: secureserver.net ([www.email] * in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zone...ctor/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx (NOXLATE)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...672/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx (AcPreview Control)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30FCCDDE-040C-4283-9638-C9C10CDA4B34}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E385A1-391A-4D1F-BA3E-CFB3B6AD1F99}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - http://cdn.fastclick.../media46462.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: F:\Photos & Images\Desktop Wallpaper\Gimp 2.8_Red-orange.bmp
O24 - Desktop BackupWallPaper: F:\Photos & Images\Desktop Wallpaper\Gimp 2.8_Red-orange.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 14:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\icons
[2012/07/17 16:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Autoruns
[2012/07/17 16:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\JkDefrag
[2012/07/17 14:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PC Maintenance
[2012/07/17 14:45:10 | 029,588,048 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Dave\Desktop\OnlineArmorSetup.exe
[2012/07/17 14:16:03 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Dave\Desktop\ATF-Cleaner.exe
[2012/07/17 11:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com
[2012/07/17 11:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/17 11:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/17 11:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/16 10:23:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2012/07/14 11:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Quarantine items
[2012/07/14 09:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/13 15:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
[2012/07/12 11:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Tiles from Images
[2012/07/09 16:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Keepers
[2012/07/04 08:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Music Downloads
[2012/07/02 06:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Theme Making
[2012/06/30 17:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Patterns
[2012/06/29 14:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/06/29 13:56:56 | 000,032,768 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\PLUGIN.DLL
[2012/06/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PS Workaround
[2012/06/27 16:56:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 14:02:01 | 001,266,056 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/06/27 14:01:00 | 006,216,032 | ---- | C] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/06/27 12:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\FixCleaner
[2012/06/27 12:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2012/06/27 12:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/06/26 17:42:05 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2012/06/26 17:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2012/06/26 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\MM
[2012/06/26 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp Themes v1.0
[2012/06/26 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012/06/26 08:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/24 06:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\fontconfig
[2012/06/24 06:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\gegl-0.2
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 16:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/22 16:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 16:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 12:22:02 | 000,000,187 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/07/22 05:59:05 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/22 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2012/07/21 07:46:51 | 000,045,069 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TransGimpToolGBR_RD.zip
[2012/07/21 07:18:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp Chat.url
[2012/07/20 16:54:05 | 001,037,940 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp Header.xcf
[2012/07/20 16:54:05 | 000,268,451 | ---- | M] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/20 16:47:11 | 000,186,479 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Banner.jpg
[2012/07/20 15:25:19 | 003,884,488 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Operating-Systems-by-tatice.zip
[2012/07/20 08:10:07 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Favorites.xml
[2012/07/20 06:11:20 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/19 18:08:44 | 000,438,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/19 18:08:44 | 000,070,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/19 18:04:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 17:59:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/19 09:32:50 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Red Hex.bmp
[2012/07/17 14:45:09 | 029,588,048 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Dave\Desktop\OnlineArmorSetup.exe
[2012/07/17 14:16:04 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Dave\Desktop\ATF-Cleaner.exe
[2012/07/17 10:16:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/07/17 10:16:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/07/17 08:40:22 | 000,008,094 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\OTL Error.jpg
[2012/07/16 10:58:13 | 000,000,837 | ---- | M] () -- C:\fraglist.luar
[2012/07/16 07:34:23 | 000,849,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/14 17:52:40 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/14 08:00:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/13 16:22:36 | 000,048,468 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/12 10:28:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 10:28:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 03:08:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 17:44:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/07/09 16:36:21 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/07 15:35:14 | 000,806,190 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Sector Nine Font.xcf
[2012/07/06 08:39:20 | 000,032,888 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2012/07/06 08:39:20 | 000,010,257 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/07/06 08:39:19 | 000,048,436 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2012/07/06 08:39:18 | 000,006,831 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2012/07/06 08:39:17 | 000,047,450 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2012/07/06 08:39:16 | 000,101,917 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2012/07/06 08:39:15 | 000,014,955 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2012/07/06 08:39:15 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2012/07/06 08:39:13 | 000,671,666 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/07/06 08:38:34 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 11:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/29 08:44:05 | 000,135,328 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/28 13:52:31 | 000,472,896 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Andrew Filmstrip.jpg
[2012/06/27 14:02:02 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/06/27 14:01:20 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2012/06/27 14:01:13 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/06/27 09:47:14 | 000,290,680 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:08 | 000,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:23:16 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2012/06/26 15:18:12 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 07:46:59 | 000,045,069 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TransGimpToolGBR_RD.zip
[2012/07/20 16:54:05 | 000,268,451 | ---- | C] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/20 16:47:11 | 000,186,479 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Banner.jpg
[2012/07/20 15:25:19 | 003,884,488 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Operating-Systems-by-tatice.zip
[2012/07/20 14:28:08 | 001,037,940 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Gimp Header.xcf
[2012/07/20 08:10:07 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Favorites.xml
[2012/07/19 17:58:08 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/19 09:32:45 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Red Hex.bmp
[2012/07/17 08:40:22 | 000,008,094 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\OTL Error.jpg
[2012/07/16 10:58:13 | 000,000,837 | ---- | C] () -- C:\fraglist.luar
[2012/07/14 17:44:55 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/13 16:22:36 | 000,048,468 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:02:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/04 15:34:21 | 000,806,190 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Sector Nine Font.xcf
[2012/06/29 13:56:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/06/29 08:45:53 | 000,135,328 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/28 13:52:27 | 000,472,896 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Andrew Filmstrip.jpg
[2012/06/27 14:01:25 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2012/06/27 09:46:09 | 000,290,680 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:05 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:18:12 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2012/06/21 14:14:19 | 000,671,666 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/06/21 07:09:03 | 000,604,277 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1500
[2012/03/31 11:16:31 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/03/08 14:32:22 | 000,659,130 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1510
[2012/02/14 17:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 09:02:40 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_faves
[2012/01/20 12:18:45 | 000,667,109 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1509
[2011/12/31 13:06:33 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2011/12/31 13:06:32 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2011/12/31 13:06:31 | 000,047,450 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2011/12/31 13:06:31 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2011/12/31 13:06:30 | 000,101,917 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2011/12/31 13:06:29 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2011/12/31 13:06:29 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2011/12/31 13:06:10 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2011/12/31 13:05:36 | 000,656,734 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1508
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/16 13:41:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/16 13:40:55 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/06 23:47:05 | 000,651,432 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1506
[2011/10/26 12:35:47 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.iain_fergusson.gmic
[2011/10/26 12:35:21 | 000,639,002 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1505
[2011/10/21 07:58:05 | 000,160,467 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
[2011/10/13 11:04:08 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.naggobot.gmic
[2011/09/27 14:07:24 | 000,635,693 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1503
[2011/09/19 11:59:32 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gentlemanbeggar_gmic.gmic
[2011/09/08 16:36:47 | 000,100,488 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.tomkeil.gmic
[2011/09/08 16:36:47 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.photocomix.gmic
[2011/09/08 16:36:46 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.karos.gmic
[2011/09/08 16:36:46 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.ronounours.gmic
[2011/09/08 16:36:24 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_faves
[2011/08/29 17:01:21 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_sources.cimgz
[2011/08/10 13:34:07 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2011/06/27 10:40:31 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/27 10:40:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/27 10:40:24 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/27 10:40:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/27 10:40:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/16 08:02:24 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2011/06/16 08:02:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2011/06/07 07:41:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/01 06:50:42 | 000,000,742 | R--- | C] () -- C:\WINDOWS\MSPPWSV.ini
[2011/02/21 17:35:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011/02/18 15:12:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/07 12:09:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
[2010/10/06 12:28:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/20 09:03:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/11 07:54:13 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Dave\.gtk-bookmarks
[2009/10/31 15:10:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\setup_ldm.iss
[2009/10/22 08:21:18 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\QuickZip45.ini
[2009/05/01 12:06:36 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Dave\couponmanager.properties
[2008/12/10 20:18:50 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Dave\g2mdlhlpx.exe
[2007/01/20 13:18:54 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/01/06 16:59:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/26 07:21:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2005/03/23 19:20:37 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 04:42:51 | 000,009,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2002/01/01 00:12:13 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/06/27 14:01:13 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/06/27 14:02:02 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2003/03/31 07:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe

< MD5 for: SERVICES >
[2003/03/31 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CNF >
[2006/06/19 08:26:32 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Dave\My Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2002/01/09 02:29:50 | 000,001,602 | ---- | M] () MD5=FD1602AD5C71157303BC28A8DBD5E8FB -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/07/21 07:28:14 | 000,000,351 | ---- | M] () MD5=F9C047719A8255AFEA979547B1B31FB3 -- C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\#SharedObjects\7NYTLA7M\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2003/03/31 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 1
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = 192.168.2.63;
"LastDetectUrl" =

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCAE5408
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83DE71AA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >


...and here's the aswMBR report.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 17:02:59
-----------------------------
17:02:59.390 OS Version: Windows 5.1.2600 Service Pack 3
17:02:59.390 Number of processors: 1 586 0xA00
17:02:59.390 ComputerName: DAVID UserName: Dave
17:03:01.781 Initialize success
17:03:04.750 AVAST engine defs: 12072200
17:03:20.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:03:20.703 Disk 0 Vendor: ST3500630A 3.AAF Size: 476940MB BusType: 3
17:03:20.703 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:03:20.703 Disk 1 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
17:03:20.734 Disk 0 MBR read successfully
17:03:20.734 Disk 0 MBR scan
17:03:20.750 Disk 0 Windows XP default MBR code
17:03:20.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
17:03:20.765 Disk 0 scanning sectors +976769024
17:03:20.875 Disk 0 scanning C:\WINDOWS\system32\drivers
17:03:34.671 Service scanning
17:03:39.734 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:03:52.625 Modules scanning
17:04:00.968 Disk 0 trace - called modules:
17:04:01.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:04:01.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a68cab8]
17:04:01.265 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000061[0x8a780cd0]
17:04:01.265 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a71c4d0]
17:04:02.687 AVAST engine scan C:\WINDOWS
17:04:14.000 AVAST engine scan C:\WINDOWS\system32
17:08:09.937 AVAST engine scan C:\WINDOWS\system32\drivers
17:08:59.406 AVAST engine scan C:\Documents and Settings\Dave
17:15:30.218 AVAST engine scan C:\Documents and Settings\All Users
17:17:59.625 Scan finished successfully
17:19:59.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat"
17:19:59.093 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR.txt"


As a side note, every time I run OTL I get an error message that says "Win32 Error. Code 1500. The event log file is corrupted". Why am I getting this error message?

Edited by Draconian, 22 July 2012 - 05:24 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Basically all the event logs are corrupt and need to be reset. We will do that using OTL to delete the files, but you will need to stop and start the service.

1. Go to Start > Run.
2. Type in Services.msc and press OK.
3. Select the EventLog service and double-click it. Change the Startup Type to Disabled, and then click OK.
4. Restart Windows.

NOTE: When the system starts up, several services may fail; a message informing the user to use Event Viewer to review errors may appear.

RUN OTL

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz File not found
    O4 - HKU\S-1-5-18..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz File not found
    O4 - HKU\S-1-5-21-329068152-746137067-839522115-1004..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)


    :Files
    %SystemRoot%\System32\Config\*.evt

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

RESET EVENTLOG

5. In the Services.msc tool, re-enable the EventLog service by setting it back to the default of Automatic startup.

On completion of all that, could you let me know what the current problems are?

#5
Draconian

    Member

  • Topic Starter
  • Member
  • 38 posts
I did everything per your instructions; however, on the first OTL run I noticed some errors towards the bottom of the log file. Not sure if this is important, but I wanted to make sure you had all relevant info available for your analysis.

System Restore Service not available.

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_140057

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/23 14:03:11 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


Here is the second OTL log file:

OTL logfile created on: 7/23/2012 2:08:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.61% Memory free
2.60 Gb Paging File | 2.22 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 437.00 Gb Free Space | 93.83% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 134.60 Gb Free Space | 90.30% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 15:37:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources\OTL.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/23 05:44:42 | 001,785,856 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12072301\algo.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 10:28:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbcm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (motmodem)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GenericMount)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/04/18 12:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/09/21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/11/25 18:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/10/22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/06 17:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/05/14 14:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 14:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 14:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 14:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002/08/28 21:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=MIE8HMPG
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\SearchScopes,DefaultScope = {2960D57E-094E-47A5-8F3B-A7BBDE375EAB}
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\SearchScopes\{2960D57E-094E-47A5-8F3B-A7BBDE375EAB}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

IE - HKU\S-1-5-21-329068152-746137067-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: F:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/08/12 05:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/09/06 08:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/26 12:06:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2006/10/12 18:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2006/10/12 18:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2006/02/13 13:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2012/07/23 14:01:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-329068152-746137067-839522115-1004..\Run: [ATI Launchpad] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: secureserver.net ([email02] http in Trusted sites)
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: secureserver.net ([www.email] * in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zone...ctor/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx (NOXLATE)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...672/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx (AcPreview Control)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30FCCDDE-040C-4283-9638-C9C10CDA4B34}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E385A1-391A-4D1F-BA3E-CFB3B6AD1F99}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - http://cdn.fastclick.../media46462.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: F:\Photos & Images\Desktop Wallpaper\Gimp 2.8_Red-orange.bmp
O24 - Desktop BackupWallPaper: F:\Photos & Images\Desktop Wallpaper\Gimp 2.8_Red-orange.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 14:00:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/23 12:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\2.6 temp
[2012/07/23 10:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Themes
[2012/07/23 06:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Theme Images
[2012/07/23 05:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\OS Icons
[2012/07/22 18:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012/07/22 18:16:56 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2012/07/22 18:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/07/22 17:01:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/07/20 14:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\icons
[2012/07/17 16:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Autoruns
[2012/07/17 16:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\JkDefrag
[2012/07/17 14:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PC Maintenance
[2012/07/17 14:45:10 | 029,588,048 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Dave\Desktop\OnlineArmorSetup.exe
[2012/07/17 11:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com
[2012/07/17 11:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/17 11:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/17 11:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/16 10:23:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2012/07/14 11:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Quarantine items
[2012/07/14 09:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/13 15:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
[2012/07/12 11:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Tiles from Images
[2012/07/09 16:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Keepers
[2012/07/04 08:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Music Downloads
[2012/07/02 06:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Theme Making
[2012/06/30 17:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Patterns
[2012/06/29 14:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/06/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PS Workaround
[2012/06/27 16:56:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 12:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\FixCleaner
[2012/06/27 12:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2012/06/27 12:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/06/26 17:42:05 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2012/06/26 17:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2012/06/26 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\MM
[2012/06/26 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp Themes v1.0
[2012/06/26 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012/06/26 08:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/24 06:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\fontconfig
[2012/06/24 06:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\gegl-0.2
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/23 14:04:03 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/23 14:03:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 14:01:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/23 13:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/23 13:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/23 12:39:48 | 000,114,932 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Bubbles.jpg
[2012/07/23 12:33:09 | 000,296,265 | ---- | M] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/23 12:03:03 | 000,004,378 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\hex bg_sm.png
[2012/07/23 11:10:54 | 000,046,786 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\table.png
[2012/07/23 10:54:06 | 000,027,406 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Dark Wood Theme.jpg
[2012/07/23 06:12:04 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\kp24_text_art.scm.gz
[2012/07/23 05:59:06 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/22 18:16:57 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
[2012/07/22 18:15:20 | 004,084,576 | ---- | M] ( ) -- C:\Documents and Settings\Dave\Desktop\hwmonitor_1.19-setup.exe
[2012/07/22 17:19:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2012/07/22 17:01:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/07/22 16:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 12:22:02 | 000,000,187 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/07/22 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2012/07/21 07:46:51 | 000,045,069 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TransGimpToolGBR_RD.zip
[2012/07/21 07:18:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp Chat.url
[2012/07/20 16:54:05 | 001,037,940 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp Header.xcf
[2012/07/20 16:47:11 | 000,186,479 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Banner.jpg
[2012/07/19 18:08:44 | 000,438,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/19 18:08:44 | 000,070,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/19 18:04:50 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/07/19 17:59:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/19 09:32:50 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Red Hex.bmp
[2012/07/18 16:59:42 | 000,082,098 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\old table.png
[2012/07/17 14:45:09 | 029,588,048 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Dave\Desktop\OnlineArmorSetup.exe
[2012/07/17 10:16:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/07/17 10:16:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/07/16 10:58:13 | 000,000,837 | ---- | M] () -- C:\fraglist.luar
[2012/07/16 07:34:23 | 000,849,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/14 17:52:40 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/14 08:00:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/13 16:22:36 | 000,048,468 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:08:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 17:44:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/07/09 16:36:21 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/07 15:35:14 | 000,806,190 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Sector Nine Font.xcf
[2012/07/06 08:39:20 | 000,032,888 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2012/07/06 08:39:20 | 000,010,257 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/07/06 08:39:19 | 000,048,436 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2012/07/06 08:39:18 | 000,006,831 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2012/07/06 08:39:17 | 000,047,450 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2012/07/06 08:39:16 | 000,101,917 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2012/07/06 08:39:15 | 000,014,955 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2012/07/06 08:39:15 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2012/07/06 08:39:13 | 000,671,666 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/07/06 08:38:34 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 11:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/29 08:44:05 | 000,135,328 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/28 13:52:31 | 000,472,896 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Andrew Filmstrip.jpg
[2012/06/27 14:01:20 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2012/06/27 09:47:14 | 000,290,680 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:08 | 000,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:23:16 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2012/06/26 15:18:12 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/23 12:39:48 | 000,114,932 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Bubbles.jpg
[2012/07/23 12:33:09 | 000,296,265 | ---- | C] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/23 11:56:24 | 000,004,378 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\hex bg_sm.png
[2012/07/23 11:10:53 | 000,046,786 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\table.png
[2012/07/23 10:54:06 | 000,027,406 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Dark Wood Theme.jpg
[2012/07/23 09:45:38 | 000,082,098 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\old table.png
[2012/07/23 06:12:10 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\kp24_text_art.scm.gz
[2012/07/22 18:16:57 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
[2012/07/22 18:15:09 | 004,084,576 | ---- | C] ( ) -- C:\Documents and Settings\Dave\Desktop\hwmonitor_1.19-setup.exe
[2012/07/22 17:19:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2012/07/21 07:46:59 | 000,045,069 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TransGimpToolGBR_RD.zip
[2012/07/20 16:47:11 | 000,186,479 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Banner.jpg
[2012/07/20 14:28:08 | 001,037,940 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Gimp Header.xcf
[2012/07/19 17:58:08 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/19 09:32:45 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Red Hex.bmp
[2012/07/16 10:58:13 | 000,000,837 | ---- | C] () -- C:\fraglist.luar
[2012/07/14 17:44:55 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/13 16:22:36 | 000,048,468 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:02:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/04 15:34:21 | 000,806,190 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Sector Nine Font.xcf
[2012/06/29 13:56:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/06/29 08:45:53 | 000,135,328 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/28 13:52:27 | 000,472,896 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Andrew Filmstrip.jpg
[2012/06/27 14:01:25 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2012/06/27 09:46:09 | 000,290,680 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:05 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:18:12 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2012/06/21 14:14:19 | 000,671,666 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/06/21 07:09:03 | 000,604,277 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1500
[2012/03/31 11:16:31 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/03/08 14:32:22 | 000,659,130 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1510
[2012/02/14 17:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 09:02:40 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_faves
[2012/01/20 12:18:45 | 000,667,109 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1509
[2011/12/31 13:06:33 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2011/12/31 13:06:32 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2011/12/31 13:06:31 | 000,047,450 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2011/12/31 13:06:31 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2011/12/31 13:06:30 | 000,101,917 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2011/12/31 13:06:29 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2011/12/31 13:06:29 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2011/12/31 13:06:10 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2011/12/31 13:05:36 | 000,656,734 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1508
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/16 13:41:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/16 13:40:55 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/06 23:47:05 | 000,651,432 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1506
[2011/10/26 12:35:47 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.iain_fergusson.gmic
[2011/10/26 12:35:21 | 000,639,002 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1505
[2011/10/21 07:58:05 | 000,160,467 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
[2011/10/13 11:04:08 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.naggobot.gmic
[2011/09/27 14:07:24 | 000,635,693 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1503
[2011/09/19 11:59:32 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gentlemanbeggar_gmic.gmic
[2011/09/08 16:36:47 | 000,100,488 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.tomkeil.gmic
[2011/09/08 16:36:47 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.photocomix.gmic
[2011/09/08 16:36:46 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.karos.gmic
[2011/09/08 16:36:46 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.ronounours.gmic
[2011/09/08 16:36:24 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_faves
[2011/08/29 17:01:21 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_sources.cimgz
[2011/08/10 13:34:07 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2011/06/27 10:40:31 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/27 10:40:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/27 10:40:24 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/27 10:40:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/27 10:40:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/16 08:02:24 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2011/06/16 08:02:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2011/06/07 07:41:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/01 06:50:42 | 000,000,742 | R--- | C] () -- C:\WINDOWS\MSPPWSV.ini
[2011/02/21 17:35:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011/02/18 15:12:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/07 12:09:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
[2010/10/06 12:28:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/20 09:03:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/11 07:54:13 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Dave\.gtk-bookmarks
[2009/10/31 15:10:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\setup_ldm.iss
[2009/10/22 08:21:18 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\QuickZip45.ini
[2009/05/01 12:06:36 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Dave\couponmanager.properties
[2008/12/10 20:18:50 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Dave\g2mdlhlpx.exe
[2007/01/20 13:18:54 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/01/06 16:59:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/26 07:21:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2005/03/23 19:20:37 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 04:42:51 | 000,009,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2002/01/01 00:12:13 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe

========== LOP Check ==========

[2010/07/08 07:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/18 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/05/13 19:12:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/17 15:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAZ 3D
[2009/10/29 08:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/07/07 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2011/03/08 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2012/03/17 03:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2011/06/27 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2005/07/07 15:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2011/02/21 17:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/09/07 09:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/08 16:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/07/10 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2009/12/29 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2007/02/03 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/02/03 13:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/13 19:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/12 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2009/10/31 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Summitsoft
[2011/06/22 15:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/08 06:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2012/05/09 11:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010/04/19 15:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/14 07:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Astro Gemini Software
[2010/06/18 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Autodesk
[2011/10/03 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Blender Foundation
[2010/08/12 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bytescout SWF To Video Scout
[2009/05/27 06:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2009/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.zipeg
[2010/07/10 19:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DarkWave Studio
[2012/02/17 15:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DAZ 3D
[2009/10/29 08:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DriverCure
[2011/06/22 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElementalsTheMagicKey
[2011/06/27 09:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2011/02/18 15:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EnchantedCavern
[2011/05/20 09:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileZilla
[2012/02/01 13:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Filter Forge Freepack 1 - Metals
[2012/06/27 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FixCleaner
[2009/09/25 09:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FrmMain
[2012/02/06 22:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GlarySoft
[2012/07/23 12:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2010/07/26 12:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\inkscape
[2006/04/16 11:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\InterVideo
[2005/06/26 07:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IsolatedStorage
[2002/01/12 23:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iSpring Solutions
[2010/10/07 14:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\kompozer.net
[2009/09/25 14:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2011/12/08 15:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MAGIX
[2011/06/27 16:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\motorola
[2005/05/16 18:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MSN Search Toolbar
[2010/07/08 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NCH Swift Sound
[2009/05/14 08:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NewSoft
[2011/11/12 16:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Notepad++
[2011/02/21 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Oberon Media
[2010/07/10 13:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PDF reDirect
[2012/02/20 17:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\pdfforge
[2010/12/29 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sahmon Games
[2009/05/13 19:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ScanSoft
[2008/09/19 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Softplicity
[2005/02/07 11:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\spweng
[2010/10/01 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Stellarium
[2009/10/29 19:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Summitsoft
[2004/02/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vantage Software
[2012/03/22 16:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Wings3D
[2002/01/04 01:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\XnView
[2002/01/11 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\YouSendIt
[2009/10/22 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Zipeg
[2012/07/23 05:59:06 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/07/22 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCAE5408
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83DE71AA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >

BTW the Event Log was already set back to Automatic. You didn't mention anything about the "Extras" log file but here it is just in case you need to eyeball it.

OTL Extras logfile created on: 7/23/2012 2:08:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.61% Memory free
2.60 Gb Paging File | 2.22 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 437.00 Gb Free Space | 93.83% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 134.60 Gb Free Space | 90.30% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\windows\system32\ossproxy.exe" = c:\windows\system32\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo! Games\Zuma Deluxe\Zuma.exe" = C:\Program Files\Yahoo! Games\Zuma Deluxe\Zuma.exe:*:Disabled:Zuma
"C:\Program Files\Yahoo! Games\Alien Shooter\AlienShooter.exe" = C:\Program Files\Yahoo! Games\Alien Shooter\AlienShooter.exe:*:Disabled:AlienShooter Application
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\My Games\Pearl Harbor - Zero Hour\phz.exe" = C:\My Games\Pearl Harbor - Zero Hour\phz.exe:*:Disabled:phz
"C:\GAMES\Alien Shooter\AlienShooter.exe" = C:\GAMES\Alien Shooter\AlienShooter.exe:*:Disabled:AlienShooter Application
"C:\Program Files\StarportGE\GEClient.exe" = C:\Program Files\StarportGE\GEClient.exe:*:Enabled:GEClient
"C:\Documents and Settings\Dave\Desktop\Games\Blackhawk Striker 2\Blackhawk2.exe" = C:\Documents and Settings\Dave\Desktop\Games\Blackhawk Striker 2\Blackhawk2.exe:*:Disabled:Black Hawk Striker 2
"C:\My Games\Q3Ademo\quake3.exe" = C:\My Games\Q3Ademo\quake3.exe:*:Disabled:quake3
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Dave\Desktop\Temp Dnloads\3gp_converter_setup.exe" = C:\Documents and Settings\Dave\Desktop\Temp Dnloads\3gp_converter_setup.exe:*:Enabled:3GP Converter
"C:\Program Files\Motorola Media Link\Lite\MML.exe" = C:\Program Files\Motorola Media Link\Lite\MML.exe:*:Enabled:MML
"F:\My Games\Blackhawk Striker 2\Blackhawk2.exe" = F:\My Games\Blackhawk Striker 2\Blackhawk2.exe:*:Disabled:Black Hawk Striker 2 -- (WanakoGames)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = DVD5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38040B3C-D2AF-4BCB-B612-502701A67C9B}" = Pando
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6779E366-ED0F-49AB-A4D3-24CFADC43341}" = Photofont Start
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{833D97B9-AC16-45C1-AD44-0A32198956F8}" = Gimp Themes v1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839CA7E5-5956-487D-8138-682907C5D576}_is1" = The Works version 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6DC0CAF-0D27-4ACE-8E34-8594C8D7C1DA}" = MMC85
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D3661269-10B6-495F-B4EE-539ABE3F9AA9}" = DVDDec
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3D Asteroids_is1" = 3D Asteroids v1.3
"3D UltraPong1.3" = 3D UltraPong
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BroadJump Client Foundation" = BroadJump Client Foundation
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Fireworks screensaver 1.0" = Fireworks screensaver 1.0
"G'MIC for GIMP_is1" = G'MIC for GIMP version 1.5.1.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.47
"InstallShield_{B6DC0CAF-0D27-4ACE-8E34-8594C8D7C1DA}" = ATI Multimedia Center 8.5.0.0
"InstallShield_{D3661269-10B6-495F-B4EE-539ABE3F9AA9}" = ATI DVD Decoder 2.2.0.0
"IrfanView" = IrfanView (remove only)
"isfree_is1" = iSpring Free 4.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirage Driver_is1" = Mirage Driver 1.1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Audio Driver" = NVIDIA Audio Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OrganicArtMS" = Organic Art, Microsoft Edition
"Play Guitar" = Play Guitar Uninstall
"pycairo-py2.6" = Python 2.6 pycairo-1.8.6
"pygobject-py2.6" = Python 2.6 pygobject-2.20.0
"pygtk-py2.6" = Python 2.6 pygtk-2.16.0
"Quake 3 Arena Demo" = Quake 3 Arena Demo
"ReallySlickScreensavers" = Really Slick Screensavers 0.2
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"ShapeCollage" = Shape Collage
"Sqirlz Water Reflections" = Sqirlz Water Reflections
"ST5UNST #1" = CLOX 2000
"Tranquillity 1.0_is1" = Tranquillity 1.0
"Valley Of The Gods" = Valley Of The Gods
"VLC media player" = VLC media player 2.0.1
"Wavelet Denoise Gimp Plugin_is1" = Wavelet Denoise Gimp Plugin version 0.3.1
"Wavelet Sharpen Gimp Plugin_is1" = Wavelet Sharpen Gimp Plugin version 0.1.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"Wings 3D 1.4.1" = Wings 3D 1.4.1
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.6
"Zuma Deluxe 1.0.0.0" = Zuma Deluxe 1.0.0.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Wings 3D 1.4.1" = Wings 3D 1.4.1

< End of report >


Not sure which/what you mean by "current problems". I want to know if the Win Antivirus 2004 is legit or not, and why I have so many alternate data streams shown at the bottom of the log above. I can make a list of other issues but didn't want to muddy the waters on my original question. At the moment I guess the main issues besides my original question are:

1. High CPU usage while on the internet (just typing this is taking forever)
2. Stuttering audio and video (wmp files and on line)
3. Need to know how to determine what AV and spyware services are running so I don't have too many at the same time
4. Need to know if there is any kind of existing firewall on my system now, and how to terminate it and install Online Armor if that is in fact better than what I have (or don't have) now.

From the log files you can see that I am using the free version of Avast and I regularly use Spybot and Malwarebytes. I ran the Superantispyware about a week ago and it found a couple of things the others did not catch. Just for grins I ran that Pitstop online checkup thingy and it said I had quite a few other keyloggers and whatnot. If I was rich and famous I might just have to break down and buy a Mac! LOL Don't get me wrong, I appreciate all the work you are doing here and I'm determined to see this through so what's next?

Edited by Draconian, 23 July 2012 - 01:56 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The ADS lines are legitimate and probably a part of the AV checks

System restore will probably need fixing

Win2004 is not running anywhere on your system so it is probably a remnant

Avira is the only other AV showing traces

I can see no indication of a firewall

Let's now investigate the high CPU usage

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
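An added example, not part of this thread and not OTL's own code: a small Python parser for the sections of the OTL and OTL Extras logs quoted above (Processes, Firewall Settings and Alternate Data Streams). It answers the questions in post #5 from the log text alone: which security products appear as running processes or loaded drivers, whether a Windows Firewall profile is enabled and which of its exceptions are open to any address rather than LocalSubNet, and how many streams hang off each host file. SAMPLE_LOG is constructed from lines that appear in the logs posted here; the line-format regexes and the SECURITY_VENDOR_HINTS list are assumptions made from those lines, so check them against your own log before trusting the output.

```python
"""Pull the security-relevant facts out of an OTL / OTL Extras log.
Added example for this thread, not OTL's own code; the line formats are
assumptions made from the posted logs, and SAMPLE_LOG is constructed from them."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
"""

# Vendor names of the products mentioned in this thread (assumed list; extend it for your environment).
SECURITY_VENDOR_HINTS = ("avast", "avira", "malwarebytes", "superantispyware", "spybot")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# PRC/DRV lines: "KIND - [date | size | attrs | M] (Company) [driver flags] -- path -- (name)"
ITEM_RE = re.compile(r"^(PRC|DRV) - \[[^\]]+\] \(([^)]*)\)(?: \[[^\]]+\])? -- (.+?)(?: -- \(.+\))?$")
# The stream name follows the last colon; the host path keeps its drive-letter colon.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


def parse_firewall(text):
    """Return ({profile: {value name: value}}, [open-port dicts]) from the registry dump."""
    profiles, ports, key = defaultdict(dict), [], ""
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or "FirewallPolicy\\" not in key:
            continue
        name, value = m.groups()
        profile, _, subkey = key.split("FirewallPolicy\\", 1)[1].partition("\\")
        if subkey == "GloballyOpenPorts\\List":
            # value format: port:protocol:scope:state:description
            port, proto, scope, state, desc = value.split(":", 4)
            ports.append({"profile": profile, "port": int(port), "proto": proto,
                          "scope": scope, "state": state, "desc": desc})
        elif not subkey:
            profiles[profile][name] = value
    return dict(profiles), ports


def exposed_ports(ports):
    """Enabled exceptions whose scope is '*': reachable from any address, not just LocalSubNet."""
    return [p for p in ports if p["state"] == "Enabled" and p["scope"] == "*"]


def security_products(text):
    """(kind, company, path) for processes/drivers whose vendor or path matches a hint."""
    found = []
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if not m:
            continue
        kind, company, path = m.groups()
        haystack = (company + " " + path).lower()
        if any(hint in haystack for hint in SECURITY_VENDOR_HINTS):
            found.append((kind, company, path))
    return found


def ads_by_host(text):
    """{host file: (stream count, total bytes)} for the Alternate Data Streams section."""
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = ADS_RE.match(line)
        if m:
            size, host, _stream = m.groups()
            totals[host][0] += 1
            totals[host][1] += int(size)
    return {host: tuple(v) for host, v in totals.items()}


if __name__ == "__main__":
    _profiles, _ports = parse_firewall(SAMPLE_LOG)
    print("profiles:", _profiles, "\nexposed:", exposed_ports(_ports))
    print("security products:", security_products(SAMPLE_LOG))
    print("ADS per host:", ads_by_host(SAMPLE_LOG))
```

Run over the Extras log in post #5, this reports EnableFirewall = 1 for StandardProfile (the profile an XP Home machine actually uses, since Home Edition cannot join a domain) and a single exception open to any address: 3389/TCP, which is Remote Desktop. That is the line to check first when asking whether a host firewall is in place and what it actually lets in from outside the local subnet. The ADS count only tells you how many streams sit on the TEMP folder and how large they are; it cannot tell you who wrote them, so the "probably AV checks" reading above stays a judgement call.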

#7
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Can't run Combofix until I figure out how to legitimately disable Avast (not Avira). I went to the icon in the systray and selected "disable until reboot". I started to run Combofix and it told me Avast was still running and might interfere with normal operation of Combofix. I double checked the settings in the Avast user interface and it showed everything was turned off and the usual warnings of not being protected. Just for grins I looked in Task Manager and there were two processes still running - Avast UI.exe and Avast Svc.exe. I tried to end the process and was given an "Access Denied" message. I then did a quick search and posted on the Avast message board and have yet to receive a reply. I did see a similar thread on their site but the replies were mostly sarcastic Avast evangelist user idiots telling the guy how stupid he was to want to turn it off. Who needs that crap? I need a straight technical answer to get this sucker turned off for real so I can run Combofix. Can you help? I don't think I'll be going back to the Avast message board for anything else, ever.

Edited by Draconian, 24 July 2012 - 05:14 AM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Avast has a self-protection mode, hence you are unable to disable those two services. However, as long as you do not let Avast sandbox or quarantine anything during the run you will be OK. If you wish to close those two processes then do the following

Open the Avast GUI, go to Settings (top right)
Select troubleshooting
Deselect Enable Avast self protection (don't forget to re-enable after you have finished )
Accept the warning
You can now stop the processes



  • 0

#9
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks. Now Combo fix is saying that Avira is detected. I did a search and all I found was the old setup file. I deleted it, emptied the recycle bin, rebooted and Combofix is still detecting some remnant of Avira left over from several years ago. Search did not find anything. I looked in both my app data and the All users app data folder and still nothing. I don't know where else to look. How do I remove all traces of Avira?

BTW I love your Dragons. I've been a collector for many years.

Edited by Draconian, 24 July 2012 - 09:41 AM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove the last Avira driver

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#11
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OK, ran the fix and here is the subsequent OTL log file:

OTL logfile created on: 7/24/2012 12:38:42 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.54% Memory free
2.60 Gb Paging File | 2.24 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 436.63 Gb Free Space | 93.75% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 134.68 Gb Free Space | 90.36% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 15:37:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources\OTL.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/24 02:59:32 | 001,787,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12072400\algo.dll
MOD - [2010/08/15 17:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 10:28:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbcm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (motmodem)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GenericMount)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/04/18 12:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/09/21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/11/25 18:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/10 18:00:48 | 000,102,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/10/22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/06 17:53:16 | 000,070,656 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/05/14 14:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 14:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 14:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 14:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002/08/28 21:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=MIE8HMPG
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\SearchScopes,DefaultScope = {2960D57E-094E-47A5-8F3B-A7BBDE375EAB}
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\..\SearchScopes\{2960D57E-094E-47A5-8F3B-A7BBDE375EAB}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

IE - HKU\S-1-5-21-329068152-746137067-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/08/12 05:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/09/06 08:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/26 12:06:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2006/10/12 18:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2006/10/12 18:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2006/02/13 13:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2012/07/23 14:01:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-329068152-746137067-839522115-1004..\Run: [ATI Launchpad] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-746137067-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: secureserver.net ([email02] http in Trusted sites)
O15 - HKU\S-1-5-21-329068152-746137067-839522115-1004\..Trusted Domains: secureserver.net ([www.email] * in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zone...ctor/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx (NOXLATE)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...672/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx (AcPreview Control)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30FCCDDE-040C-4283-9638-C9C10CDA4B34}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E385A1-391A-4D1F-BA3E-CFB3B6AD1F99}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - http://cdn.fastclick.../media46462.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: F:\Photos & Images\Desktop Wallpaper\Gimp 2.8_Red-orange.bmp
O24 - Desktop BackupWallPaper: F:\Photos & Images\Desktop Wallpaper\Gimp 2.8_Red-orange.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-329068152-746137067-839522115-1004\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-329068152-746137067-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 10:29:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/24 10:24:40 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/24 10:24:40 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/24 10:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/07/24 10:24:38 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/24 10:24:37 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/24 10:24:36 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/24 10:24:36 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/24 10:24:36 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/24 10:24:35 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/24 10:24:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/24 10:24:05 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/24 10:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/24 10:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/23 16:14:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/23 16:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/23 16:13:41 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/23 16:05:50 | 004,583,914 | R--- | C] (Swearware) -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2012/07/23 15:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Firewall
[2012/07/23 14:00:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/23 12:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\2.6 temp
[2012/07/23 10:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Themes
[2012/07/22 18:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012/07/22 18:16:56 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2012/07/22 18:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/07/22 17:01:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/07/17 16:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Autoruns
[2012/07/17 16:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\JkDefrag
[2012/07/17 14:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PC Maintenance
[2012/07/17 11:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com
[2012/07/17 11:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/17 11:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/17 11:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/16 10:23:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2012/07/14 11:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Quarantine items
[2012/07/14 09:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/13 15:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Malware Removal Resources
[2012/07/12 11:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Tiles from Images
[2012/07/04 08:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Music Downloads
[2012/06/30 17:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Patterns
[2012/06/29 14:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/06/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\PS Workaround
[2012/06/27 16:56:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 12:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/06/26 17:42:05 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2012/06/26 17:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2012/06/26 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\MM
[2012/06/26 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp Themes v1.0
[2012/06/26 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012/06/26 08:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 12:37:39 | 000,078,332 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\weird files.jpg
[2012/07/24 12:37:21 | 000,438,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/24 12:37:21 | 000,070,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/24 12:33:52 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/24 12:33:45 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/24 12:33:41 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/07/24 12:33:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 12:32:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/24 12:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/24 12:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 11:26:33 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/07/24 10:24:40 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/24 10:24:36 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/24 08:23:55 | 000,061,025 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\presets.jpg
[2012/07/24 08:11:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/23 16:05:49 | 004,583,914 | R--- | M] (Swearware) -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2012/07/23 14:01:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/23 12:33:09 | 000,296,265 | ---- | M] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/22 18:16:57 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
[2012/07/22 17:19:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2012/07/22 17:01:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/07/22 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job
[2012/07/21 07:18:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp Chat.url
[2012/07/19 09:32:50 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Red Hex.bmp
[2012/07/17 10:16:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/07/17 10:16:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/07/16 10:58:13 | 000,000,837 | ---- | M] () -- C:\fraglist.luar
[2012/07/16 07:34:23 | 000,849,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/14 17:52:40 | 007,680,054 | ---- | M] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/14 08:00:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/13 16:22:36 | 000,048,468 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:08:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 17:44:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/07/06 08:39:20 | 000,032,888 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2012/07/06 08:39:20 | 000,010,257 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/07/06 08:39:19 | 000,048,436 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2012/07/06 08:39:18 | 000,006,831 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2012/07/06 08:39:17 | 000,047,450 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2012/07/06 08:39:16 | 000,101,917 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2012/07/06 08:39:15 | 000,014,955 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2012/07/06 08:39:15 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2012/07/06 08:39:13 | 000,671,666 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/07/06 08:38:34 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 11:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/29 08:44:05 | 000,135,328 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/27 14:01:20 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2012/06/27 09:47:14 | 000,290,680 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:08 | 000,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:23:16 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2012/06/26 15:18:12 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2 C:\Documents and Settings\Dave\Application Data\*.tmp files -> C:\Documents and Settings\Dave\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 12:37:39 | 000,078,332 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\weird files.jpg
[2012/07/24 10:24:40 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/24 10:24:36 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/24 08:23:55 | 000,061,025 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\presets.jpg
[2012/07/23 12:33:09 | 000,296,265 | ---- | C] () -- C:\Documents and Settings\Dave\.recently-used.xbel
[2012/07/22 18:16:57 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
[2012/07/22 17:19:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2012/07/19 09:32:45 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Red Hex.bmp
[2012/07/16 10:58:13 | 000,000,837 | ---- | C] () -- C:\fraglist.luar
[2012/07/14 17:44:55 | 007,680,054 | ---- | C] () -- C:\WINDOWS\Dark Hex.bmp
[2012/07/14 15:35:28 | 000,014,583 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Outlook error.jpg
[2012/07/13 16:22:36 | 000,048,468 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SysInfo.jpg
[2012/07/11 03:02:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/29 13:56:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2012/06/29 08:45:53 | 000,135,328 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Gimp_SpareParts_Default_Brush_by_photocomix_resources.jpg
[2012/06/27 14:01:25 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2012/06/27 09:46:09 | 000,290,680 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\cc_20120627_094544.reg
[2012/06/26 17:42:05 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012/06/26 15:18:12 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gimp themes.lnk
[2012/06/24 06:38:05 | 000,353,675 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2012/06/21 14:14:19 | 000,671,666 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1516
[2012/06/21 07:09:03 | 000,604,277 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1500
[2012/03/31 11:16:31 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\garagecoder.gmic
[2012/03/08 14:32:22 | 000,659,130 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1510
[2012/02/14 17:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 09:02:40 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_faves
[2012/01/20 12:18:45 | 000,667,109 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1509
[2011/12/31 13:06:33 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\iain_fergusson.gmic
[2011/12/31 13:06:32 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\naggobot.gmic
[2011/12/31 13:06:31 | 000,047,450 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\photocomix.gmic
[2011/12/31 13:06:31 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gentlemanbeggar_gmic.gmic
[2011/12/31 13:06:30 | 000,101,917 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\tomkeil.gmic
[2011/12/31 13:06:29 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\karos.gmic
[2011/12/31 13:06:29 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\ronounours.gmic
[2011/12/31 13:06:10 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_sources.cimgz
[2011/12/31 13:05:36 | 000,656,734 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\gmic_def.1508
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/16 13:41:06 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/16 13:41:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/16 13:40:55 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/06 23:47:05 | 000,651,432 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1506
[2011/10/26 12:35:47 | 000,032,888 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.iain_fergusson.gmic
[2011/10/26 12:35:21 | 000,639,002 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1505
[2011/10/21 07:58:05 | 000,160,467 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
[2011/10/13 11:04:08 | 000,048,436 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.naggobot.gmic
[2011/09/27 14:07:24 | 000,635,693 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_def.1503
[2011/09/19 11:59:32 | 000,006,831 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gentlemanbeggar_gmic.gmic
[2011/09/08 16:36:47 | 000,100,488 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.tomkeil.gmic
[2011/09/08 16:36:47 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.photocomix.gmic
[2011/09/08 16:36:46 | 000,014,955 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.karos.gmic
[2011/09/08 16:36:46 | 000,001,415 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.ronounours.gmic
[2011/09/08 16:36:24 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_faves
[2011/08/29 17:01:21 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\.gmic_sources.cimgz
[2011/08/10 13:34:07 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Dave\.gtkrc-2.0
[2011/06/27 10:40:31 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/27 10:40:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/27 10:40:24 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/27 10:40:23 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/27 10:40:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/16 08:02:24 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2011/06/16 08:02:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2011/06/07 07:41:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/01 06:50:42 | 000,000,742 | R--- | C] () -- C:\WINDOWS\MSPPWSV.ini
[2011/02/21 17:35:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2011/02/18 15:12:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/07 12:09:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
[2010/10/06 12:28:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/20 09:03:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/11 07:54:13 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Dave\.gtk-bookmarks
[2009/10/31 15:10:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\setup_ldm.iss
[2009/10/22 08:21:18 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\QuickZip45.ini
[2009/05/01 12:06:36 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Dave\couponmanager.properties
[2008/12/10 20:18:50 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Dave\g2mdlhlpx.exe
[2007/01/20 13:18:54 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/01/06 16:59:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/26 07:21:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2005/03/23 19:20:37 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 04:42:51 | 000,009,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2002/01/01 00:12:13 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe

========== LOP Check ==========

[2012/07/24 10:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/05/13 19:12:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/07 20:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
[2011/03/08 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/06/27 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2005/07/07 15:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2011/02/21 17:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/09/07 09:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/08 16:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/07/10 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2009/12/29 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2007/02/03 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/02/03 13:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/13 19:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/12 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2009/10/31 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Summitsoft
[2011/06/22 15:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/08 06:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2012/05/09 11:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010/04/19 15:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/14 07:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Astro Gemini Software
[2010/06/18 12:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Autodesk
[2010/08/12 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Bytescout SWF To Video Scout
[2009/05/27 06:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2009/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.zipeg
[2010/07/10 19:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DarkWave Studio
[2011/06/22 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElementalsTheMagicKey
[2011/06/27 09:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2011/02/18 15:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EnchantedCavern
[2011/05/20 09:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileZilla
[2012/02/01 13:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Filter Forge Freepack 1 - Metals
[2009/09/25 09:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FrmMain
[2012/02/06 22:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GlarySoft
[2012/07/23 12:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2010/07/26 12:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\inkscape
[2006/04/16 11:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\InterVideo
[2005/06/26 07:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IsolatedStorage
[2002/01/12 23:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iSpring Solutions
[2010/10/07 14:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\kompozer.net
[2009/09/25 14:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2011/06/27 16:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\motorola
[2005/05/16 18:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MSN Search Toolbar
[2010/07/08 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NCH Swift Sound
[2009/05/14 08:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\NewSoft
[2011/11/12 16:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Notepad++
[2011/02/21 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Oberon Media
[2010/07/10 13:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PDF reDirect
[2012/02/20 17:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\pdfforge
[2010/12/29 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sahmon Games
[2009/05/13 19:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ScanSoft
[2008/09/19 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Softplicity
[2005/02/07 11:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\spweng
[2010/10/01 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Stellarium
[2009/10/29 19:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Summitsoft
[2004/02/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vantage Software
[2002/01/04 01:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\XnView
[2002/01/11 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\YouSendIt
[2009/10/22 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Zipeg
[2012/07/24 12:33:52 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/07/22 02:19:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F662888F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:815D61C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCAE5408
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83DE71AA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >

Are we ready to try ComboFix now or do you have additional measures to implement first?

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, run it now :)

#13
Draconian

    Member

  • Topic Starter
  • Member
  • 38 posts
Well, I'm still getting the Avira message, so there must still be some component lurking about in the background somewhere; the darn thing just won't die. What else do you have up your sleeve that we can try next, kind sir?

Edited by Draconian, 24 July 2012 - 03:17 PM.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You can run ComboFix now, as all it is detecting is the Windows Security Centre stating that Avira is active.

#15
Draconian

    Member

  • Topic Starter
  • Member
  • 38 posts
Cool...be right back.

Sorry, my turn to cook dinner. Here are the ComboFix log results.

ComboFix 12-07-25.04 - Dave 07/24/2012 16:59:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1530 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00FC-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Dave\Application Data\isfree4_0.tmp
c:\documents and settings\Dave\Application Data\isfree4_1.tmp
c:\documents and settings\Dave\g2mdlhlpx.exe
c:\documents and settings\Dave\WINDOWS
c:\program files\filesubmit
c:\program files\filesubmit\Valley Of The Gods\fsi_install.ico
c:\program files\filesubmit\Valley Of The Gods\fsi_uninstall.ico
c:\program files\filesubmit\Valley Of The Gods\INSTALL.LOG
c:\program files\filesubmit\Valley Of The Gods\UNWISE.EXE
c:\program files\filesubmit\Valley Of The Gods\UNWISE.INI
c:\program files\filesubmit\Valley Of The Gods\valleyofthegodsss.zip
c:\program files\mm
c:\program files\mm\libfftw3-3.dll
c:\program files\mm\libgsl.dll
c:\program files\mm\libgslcblas.dll
c:\program files\mm\libgtksourceview-2.0-0.dll
c:\program files\mm\mathmap.exe
c:\program files\mm\share\gtksourceview-2.0\language-specs\mathmap.lang
c:\program files\mm\share\gtksourceview-2.0\styles\classic.xml
c:\program files\mm\share\gtksourceview-2.0\styles\cobalt.xml
c:\program files\mm\share\gtksourceview-2.0\styles\kate.xml
c:\program files\mm\share\gtksourceview-2.0\styles\oblivion.xml
c:\program files\mm\share\gtksourceview-2.0\styles\styles.rng
c:\program files\mm\share\gtksourceview-2.0\styles\tango.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 15:24 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-24 15:24 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-24 15:24 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-24 15:24 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-24 15:24 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-24 15:24 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-24 15:24 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 15:24 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-24 15:24 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 15:24 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 15:23 . 2012-07-24 15:23 -------- d-----w- c:\program files\AVAST Software
2012-07-24 15:23 . 2012-07-24 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-23 19:00 . 2012-07-23 19:00 -------- d-----w- C:\_OTL
2012-07-22 23:16 . 2011-09-21 15:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-22 23:16 . 2012-07-22 23:16 -------- d-----w- c:\program files\CPUID
2012-07-17 16:04 . 2012-07-17 16:04 -------- d-----w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com
2012-07-17 16:04 . 2012-07-17 16:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-17 16:04 . 2012-07-17 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-14 14:03 . 2012-07-14 14:03 -------- d-----w- c:\program files\ESET
2012-06-29 19:49 . 2012-06-29 20:07 -------- d-----w- c:\program files\IrfanView
2012-06-29 18:56 . 1996-10-30 14:35 32768 ----a-w- c:\windows\system32\PLUGIN.DLL
2012-06-29 18:56 . 1994-11-18 06:00 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2012-06-27 21:56 . 2012-06-27 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-27 21:56 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 19:02 . 2012-06-27 19:02 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-06-27 19:01 . 2012-06-27 19:01 3038 ----a-w- C:\fix_svchost.bat
2012-06-27 19:01 . 2012-06-27 19:01 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-06-26 22:42 . 2012-06-26 22:42 -------- d-----w- c:\windows\system32\MAGIX
2012-06-26 22:42 . 2008-04-15 20:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2012-06-26 20:18 . 2012-06-26 20:18 -------- d-----w- c:\program files\Gimp Themes v1.0
2012-06-26 15:56 . 2012-06-26 15:56 -------- d-----w- c:\program files\GIMP-2.0
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:28 . 2012-04-11 09:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:28 . 2011-05-24 15:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2003-03-31 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-03-31 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2003-03-31 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2002-01-29 00:54 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2004-08-12 02:21 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-12 02:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-12 02:21 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2002-01-29 00:54 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-12 02:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-01-19 01:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2003-03-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2002-01-29 00:54 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2002-01-29 00:54 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-12 02:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-01-19 01:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-01-21 23:44 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2007-01-21 23:44 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2002-01-29 05:56 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19 . 2002-09-23 21:10 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2012-03-14 14:13 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2012-02-22 13:16 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-02-22 13:16 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2011-12-16 18:40 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2011-12-16 18:40 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2011-12-16 18:40 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2011-12-16 18:40 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2006-11-17 23:29 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2006-11-17 23:29 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2004-08-04 07:56 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2004-08-04 05:29 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:40 . 2006-11-17 23:29 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2006-11-17 23:29 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2006-11-17 23:29 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2006-11-17 23:29 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2006-11-17 23:29 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2003-03-31 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 01:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-01-19 01:28 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2006-10-12 23:17 . 2002-01-04 06:47 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2002-01-04 06:47 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-31 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- f:\reader\reader_sl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\My Games\\Blackhawk Striker 2\\Blackhawk2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [9/22/2003 2:46 PM 102400]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/24/2012 10:24 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/24/2012 10:24 AM 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/24/2012 10:24 AM 21256]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [7/22/2012 6:16 PM 21992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/22/2012 8:35 AM 1262400]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/16/2011 1:42 PM 123840]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:38 AM 135664]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 4:32 AM 250056]
S3 GenericMount;Generic Mount Driver; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:38 AM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:28]
.
2012-07-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-24 16:21]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:38]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: secureserver.net\email02
Trusted Zone: secureserver.net\www.email
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ATI Launchpad - (no file)
Notify-AtiExtEvent - (no file)
MSConfigStartUp-ClocX - f:\program files\ClocX\ClocX.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Norton Ghost 15 - c:\program files\Norton Ghost\Agent\VProTray.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-DS4 Default Content 4.0.0.19 - f:\graphix\DAZ Library\Uninstallers\Remove-DS4 Default Content.exe
AddRemove-Valley Of The Gods - c:\program files\Screensavers\Valley Of The Gods\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-24 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-746137067-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-07-24 17:12:18
ComboFix-quarantined-files.txt 2012-07-24 22:12
.
Pre-Run: 468,600,832,000 bytes free
Post-Run: 468,576,329,728 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3B2F69B8FDF7D317DBA9B65B7AC86B7B

As a side note, I noticed a couple of things that suddenly showed up on my desktop before I ran Combofix. A Thumbs.db file and another folder called %USERPROFILE%. Inside the folder were three other folders.

IETldCache
Local Settings
PrivacIE

Where did these come from?

Edited by Draconian, 24 July 2012 - 04:39 PM.
