Geeks to Go

Hijacked crazy computer


This topic is locked.

#1 halleyscomet (Member, 71 posts)
I've tried everything and had quite a miserable night, so I am here begging for help, I can't even get the computer to work well in safe mode. It boots up and when the main desktop looks like it is ready to go, you can't get anything to work and then the screen goes blue and it restarts page. It just keeps restarting, even in safe mode. It does this about every 30 seconds or so. I was able to launch spybot via the task manager prompt to start a program and did get it updated, that is running now. As it is running, the desktop behind it keeps restarting. Also, Malwarebytes is not working at all on the thing. Help!!!!!!!! Thanks in advance.

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello halleyscomet and welcome to G2G! :D

My nick is maliprog and I'll be your technical support on this issue. Before we start cleaning your PC you must print or save to Desktop (in a .txt file) these instructions so you can access them in Safe Mode with no internet connection.

NOTE:

  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it. If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Step 1

Please download OTH to your desktop
Please download OTL to your Desktop
Please download the attached Scan.txt to your desktop (located at the end of this post)

Double-click the OTH file and select Kill All Processes; your desktop will go blank.

Then select Start OTL
OTL will now run

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file.
    Select the Scan.txt that you downloaded.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Copy and paste them to me.

Step 2

Please don't forget to include these items in your reply:

  • OTL log
It would be helpful if you could post each log in a separate post.

Attached file: Scan.txt (998 bytes, 226 downloads)


#3 halleyscomet (Topic Starter, Member, 71 posts)
Great. I work until 6:30 EST in USA, so I will do this as soon as I get home tonight. I meant to try to get an OTS and OTL log last night. I really appreciate your help, look forward to working with you. This site helped me a year ago and I have recommended it many times! Talk to you in a few hours! Also, I am able to get onto the internet at home via my laptop, the infection is on my desktop.

#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi halleyscomet

I didn't know you are using your laptop to get on the internet. If this is the case and you plan to transfer files on a USB memory stick, then we must protect your USB memory from getting infected.

Do this on the clean computer (your laptop):

Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

After this you can use your USB memory to transfer tools from your laptop to desktop PC.
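The note above describes the mechanism behind Flash_Disinfector: reserving the name autorun.inf as a hidden folder so a worm cannot drop its own autorun.inf at the drive root. The script below is an added illustration of that mechanism and of a check on the state a drive is in; it is not Flash_Disinfector's code or anything posted in this thread, the sample autorun.inf is constructed, and the NoDriveTypeAutoRun decoder (the policy value that shows up on the O6/O7 lines of OTL logs) follows Microsoft's documented bit-per-drive-type layout.

```python
"""Illustrates the autorun.inf folder trick and decodes the NoDriveTypeAutoRun policy."""
from __future__ import annotations

import configparser
import os
import tempfile
from pathlib import Path

# NoDriveTypeAutoRun: bit (1 << GetDriveType class) set => AutoRun disabled for that class.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable", 0x08: "fixed",
    0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

# Constructed sample of a dropped autorun.inf; 'open' is the key that launches a program.
SAMPLE_AUTORUN = "[autorun]\nopen=setup.exe\nlabel=Photos\n"


def decode_no_drive_type_autorun(value: int) -> set[str]:
    """Return the drive classes for which the policy value disables AutoRun."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}


def parse_autorun_inf(text: str) -> dict[str, str]:
    """Return the launch-relevant keys of the [autorun] section, keys lower-cased.

    Anything configparser cannot read (no section header, binary junk) yields {}.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.optionxform = str.lower
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    return {k: (v or "") for k, v in cp[section].items()
            if k == "open" or k.startswith("shell")}


def classify_autorun(drive_root: Path) -> tuple[str, dict[str, str]]:
    """Classify what sits at <drive>\\autorun.inf.

    'absent'    : nothing there, so a worm could drop its own file
    'protected' : a folder holds the name (what Flash_Disinfector leaves behind)
    'file'      : a real autorun.inf; the dict shows what it would launch
    """
    target = drive_root / "autorun.inf"
    if not target.exists():
        return "absent", {}
    if target.is_dir():
        return "protected", {}
    return "file", parse_autorun_inf(target.read_text(errors="replace"))


def protect_drive(drive_root: Path) -> bool:
    """Reserve autorun.inf as a hidden folder.

    Returns False and changes nothing if anything already occupies the name,
    so an existing (possibly infected) autorun.inf file is never masked.
    """
    target = drive_root / "autorun.inf"
    if target.exists():
        return False
    target.mkdir()
    if os.name == "nt":  # FILE_ATTRIBUTE_HIDDEN = 0x02; no such attribute elsewhere
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(str(target), 0x02)
    return True


def demo_cycle() -> list[str]:
    """Walk a scratch 'drive' through absent -> protected, then inspect an infected one."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean"
        clean.mkdir()
        seen = [classify_autorun(clean)[0]]
        protect_drive(clean)
        seen.append(classify_autorun(clean)[0])
        infected = Path(tmp) / "infected"
        infected.mkdir()
        (infected / "autorun.inf").write_text(SAMPLE_AUTORUN)  # constructed, see above
        state, keys = classify_autorun(infected)
        seen.append(f"{state}:{keys.get('open', '')}")
        seen.append("refused" if not protect_drive(infected) else "replaced")
    return seen


if __name__ == "__main__":
    print(demo_cycle())
    for value in (323, 149):  # the HKLM and HKCU values seen on the O6/O7 lines of the posted log
        print(value, sorted(decode_no_drive_type_autorun(value)))
```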

#5 halleyscomet (Topic Starter, Member, 71 posts)
I am afraid it could be a hard drive failure....a virus seemed most likely, but now I am getting a message to such extent when computer starts up, says F1 to continue, Del for set up. OK, problem is rampant under my User account, but when I go in under Administrator, there is no issue with the desktop resetting..... Can I do work from the administrator account???? Also, the resolution is very large in safe mode and I cannot see most of the page, as it is off the screen.

#6 halleyscomet (Topic Starter, Member, 71 posts)
It works o.k. in the administrator profile....hope this helps get somewhere:

OTL logfile created on: 12/1/2010 9:45:34 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 760.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.56 Gb Free Space | 21.85% Space Free | Partition Type: NTFS

Computer Name: HALLEYSCOMET | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 21:20:27 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/01 21:20:27 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr


========== Modules (SafeList) ==========

MOD - [2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/01 21:20:27 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/21 16:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks) [Disabled | Stopped] -- C:\Program Files\ewido\security suite\ewidoguard.exe -- (ewido security suite guard)
SRV - [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks) [Auto | Stopped] -- C:\Program Files\ewido\security suite\ewidoctrl.exe -- (ewido security suite control)
SRV - [2003/01/17 04:02:00 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Fxdrv.sys -- (FXDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/12/04 12:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\S.AntSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/04 12:50:04 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\S.AntSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/04 12:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\S.AntSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/04/21 09:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2007/03/14 15:10:16 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2007/02/08 18:10:13 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/02/06 09:19:14 | 000,013,184 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2006/09/18 11:54:48 | 000,016,640 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/11/22 09:15:15 | 000,003,072 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\ewido\security suite\guard.sys -- (ewido security suite driver)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 00:41:39 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/01/09 19:01:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/09 19:01:58 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/01/09 19:01:56 | 000,259,200 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/09 19:01:56 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/01/09 19:01:56 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2004/01/09 19:01:56 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/01/09 19:01:56 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/09 19:01:56 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/11/10 14:24:24 | 000,039,532 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/10/06 16:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/09/02 18:51:00 | 000,312,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2003/09/02 18:51:00 | 000,036,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2003/08/15 21:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/19 17:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/02/16 19:33:00 | 001,293,192 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/02/16 18:12:00 | 000,085,520 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/02/16 18:11:00 | 000,516,616 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/02/16 18:08:00 | 000,210,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/02/05 19:25:00 | 000,162,136 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/01/17 03:19:00 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/07/01 00:00:02 | 000,024,059 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CW50.sys -- (CW50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/05 18:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/05 18:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/01 21:22:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/05 18:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2001/12/13 22:31:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/08/05 18:49:30 | 000,000,000 | ---D | M]

[2009/07/22 22:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/02 14:42:40 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

Hosts file not found
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (no name) - {E15EB2D0-9302-44F6-A17A-9B4DB5939B9A} - C:\WINDOWS\System32\CDDBContro.dll File not found
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe File not found
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe (NoteBurner.COM)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\RunServices: [ITUNES] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1178918987203 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by112fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\S.AntSpyware\SASWINLO.dll - C:\Program Files\S.AntSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\S.AntSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 21:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/12/01 21:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/12/01 21:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/01 21:17:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/11/28 13:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2004/02/05 04:36:29 | 000,516,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/02/05 04:36:29 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/02/05 04:36:28 | 001,293,192 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/02/05 04:36:28 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/02/05 04:36:28 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/02/04 21:41:17 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 30 Days ==========

[2010/12/01 21:39:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/01 21:38:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 21:35:54 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/01 21:35:54 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/01 21:27:35 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/12/01 21:27:18 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/12/01 20:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 14:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/11/17 21:37:52 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 21:37:52 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/04 10:54:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3A44M27X7A.job

========== Files Created - No Company Name ==========

[2009/07/20 19:15:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/19 17:24:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/19 17:24:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/19 17:24:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/19 17:23:59 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/19 17:23:41 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/19 17:22:12 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/01/27 22:09:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/01/27 22:08:33 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/05/01 13:44:28 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameJ.txt
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 13:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 13:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 13:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/04/17 15:28:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\PCW120.INI
[2006/04/04 15:00:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/12 16:14:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/17 12:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2004/12/27 20:47:00 | 000,000,179 | -H-- | C] () -- C:\WINDOWS\ipg.dll
[2004/11/18 12:03:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2004/11/18 12:03:26 | 000,000,408 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2004/11/01 19:23:46 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/11/01 19:22:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/11/01 19:15:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/11/01 19:15:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2004/10/26 15:27:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/07/20 15:35:57 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2004/07/20 15:35:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2004/07/20 15:10:39 | 000,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2004/07/20 15:10:39 | 000,049,852 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2004/05/07 10:06:05 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2004/05/07 10:06:05 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2004/05/04 10:49:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/04 10:38:26 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/05/04 10:38:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/20 09:36:02 | 000,000,397 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/02/05 09:53:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/05 08:12:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/05 08:11:01 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/02/05 08:11:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/02/05 06:04:22 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/02/05 06:03:58 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/02/05 04:36:42 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2004/02/05 04:36:36 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2004/02/05 04:36:30 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/02/05 04:36:29 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/02/05 04:36:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/02/05 04:36:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/02/05 04:36:23 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/02/05 04:36:23 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/02/05 04:36:03 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/02/04 21:41:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/02/04 21:41:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/02/04 21:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/03/21 00:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[2001/01/10 21:15:56 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2000/02/08 01:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 01:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL

========== LOP Check ==========

[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2009/07/20 17:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/09/08 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HServices
[2009/07/30 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/14 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/17 18:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/06 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/05 18:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/02/16 18:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2009/07/31 00:10:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/01 21:37:55 | 000,033,148 | ---- | M] () -- C:\aaw7boot.log
[2005/03/25 15:39:17 | 001,080,044 | ---- | M] () -- C:\ApRec.wav
[2009/08/25 21:07:42 | 000,001,110 | ---- | M] () -- C:\avenger.txt
[2008/12/21 23:25:17 | 016,022,694 | RHS- | M] () -- C:\AVG7DB_F.DAT
[2005/07/28 13:57:38 | 011,859,569 | ---- | M] () -- C:\AVG7QT.DAT
[2009/08/12 21:00:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/20 13:08:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004/02/05 05:43:35 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2008/12/16 00:41:38 | 002,187,264 | ---- | M] () -- C:\crash.txt
[2009/01/05 21:55:01 | 000,017,048 | ---- | M] () -- C:\drwtsn32.log
[2005/08/08 01:00:18 | 000,000,137 | ---- | M] () -- C:\errors.log
[2004/07/22 17:34:42 | 000,019,968 | ---- | M] () -- C:\Fee Application.doc
[2009/07/30 22:36:48 | 000,008,402 | ---- | M] () -- C:\hpcmerr.log
[2009/02/19 13:59:14 | 001,909,016 | ---- | M] () -- C:\hpfr5100.log
[2004/02/05 05:43:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/23 23:06:49 | 000,000,409 | -H-- | M] () -- C:\IPH.PH
[2007/02/08 17:18:22 | 000,035,788 | ---- | M] () -- C:\log.txt
[2009/08/12 23:09:58 | 000,086,728 | ---- | M] () -- C:\MGlogs.zip
[2009/08/12 21:22:54 | 001,343,651 | ---- | M] () -- C:\MGtools.exe
[2004/02/05 05:43:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/05/11 18:27:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2007/05/11 18:27:21 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/12/01 21:37:57 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2009/01/01 16:48:50 | 000,001,402 | ---- | M] () -- C:\plaxo.log
[2001/04/03 13:20:06 | 000,011,565 | ---- | M] () -- C:\Rescued document.txt
[2005/08/18 16:01:32 | 000,000,706 | ---- | M] () -- C:\smitfiles.txt
[2004/09/10 15:40:45 | 000,000,448 | ---- | M] () -- C:\staff.html
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2004/12/29 04:28:49 | 000,000,404 | ---- | M] () -- C:\tmp.txt
[2009/01/17 17:26:08 | 000,000,153 | ---- | M] () -- C:\xcrashdump.dat
[2005/07/01 15:57:19 | 000,000,000 | ---- | M] () -- C:\z.t

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%system32|bak;true;false;false /fp >
[2009/06/22 21:58:06 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\CatRoot_bak

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/05/03 11:47:18 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/12/01 18:25:44 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2010/12/01 21:38:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\0.log
[2009/12/01 00:25:43 | 000,000,002 | ---- | M] () -- C:\WINDOWS\010112010146101105.rx
[2003/09/02 19:00:50 | 000,509,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\50comupd.exe
[2004/10/26 15:24:12 | 000,000,766 | ---- | M] () -- C:\WINDOWS\ACTGPR2.ICO
[2004/10/26 15:24:11 | 000,005,222 | ---- | M] () -- C:\WINDOWS\ADOBE.ICO
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2006/04/04 15:00:29 | 000,000,028 | ---- | M] () -- C:\WINDOWS\atid.ini
[2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\bcm42rly.sys
[2001/11/02 13:31:46 | 000,018,000 | ---- | M] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2003/03/31 07:00:00 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/12/01 21:38:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/19 17:24:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2010/12/01 21:27:35 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/02/19 17:24:13 | 000,000,145 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2010/10/19 22:31:37 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2006/03/12 16:23:25 | 000,000,066 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2003/03/31 07:00:00 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi
[2003/03/31 07:00:00 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2004/02/05 05:43:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2001/10/17 16:13:09 | 000,003,126 | ---- | M] () -- C:\WINDOWS\emachines_32.bmp
[2006/01/26 12:57:05 | 000,999,506 | ---- | M] (RealLegal) -- C:\WINDOWS\etrnview.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2003/03/31 07:00:00 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2003/03/31 07:00:00 | 000,016,730 | ---- | M] () -- C:\WINDOWS\FeatherTexture.bmp
[2004/10/26 15:24:11 | 000,007,358 | ---- | M] () -- C:\WINDOWS\forms.ICO
[2003/03/31 07:00:00 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Gone Fishing.bmp
[2003/03/31 07:00:00 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Greenstone.bmp
[2000/08/31 07:00:00 | 000,080,412 | ---- | M] () -- C:\WINDOWS\grep.exe
[2005/05/26 18:22:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2001/07/02 23:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll
[2009/02/19 17:24:13 | 000,009,853 | ---- | M] () -- C:\WINDOWS\HL-2140.INI
[2000/08/07 14:57:26 | 000,005,280 | ---- | M] () -- C:\WINDOWS\hotbtnv.vxd
[2004/05/04 10:38:15 | 000,002,408 | ---- | M] () -- C:\WINDOWS\hpbvspst.his
[2004/05/04 10:38:16 | 000,000,478 | ---- | M] () -- C:\WINDOWS\hpbvspst.ini
[2004/05/04 10:42:07 | 000,007,588 | ---- | M] () -- C:\WINDOWS\hpdj5100.bu1
[2004/05/04 10:42:07 | 000,160,521 | ---- | M] () -- C:\WINDOWS\hpdj5100.hi1
[2009/07/30 22:37:57 | 000,028,780 | ---- | M] () -- C:\WINDOWS\hpdj5100.his
[2009/07/30 22:37:57 | 000,004,638 | ---- | M] () -- C:\WINDOWS\hpdj5100.ini
[2003/03/03 08:24:32 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ieuninst.exe
[2004/12/29 14:48:04 | 000,000,339 | -H-- | M] () -- C:\WINDOWS\ipg
[2004/12/29 14:48:04 | 000,000,179 | -H-- | M] () -- C:\WINDOWS\ipg.dll
[1998/10/29 16:45:06 | 000,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2004/11/01 19:23:48 | 000,000,572 | ---- | M] () -- C:\WINDOWS\maxlink.ini
[2003/05/29 21:56:44 | 000,003,927 | ---- | M] () -- C:\WINDOWS\mHotkey.reg
[2009/12/01 00:26:48 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\mmsmark3.dat
[2009/03/20 16:34:49 | 000,010,566 | ---- | M] () -- C:\WINDOWS\ModemLog_56Kbps Internal Modem.txt
[2006/01/02 14:42:44 | 000,015,329 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2003/03/31 07:00:00 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini
[2009/07/20 19:15:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 13:40:50 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\muninst.exe
[2004/02/05 06:03:59 | 000,074,896 | ---- | M] () -- C:\WINDOWS\N6Uninst.exe
[2004/02/05 06:04:02 | 000,000,310 | ---- | M] () -- C:\WINDOWS\net2fone.ini
[2009/04/20 11:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2004/08/04 02:56:54 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2006/03/12 15:36:19 | 000,001,760 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/12/01 21:38:27 | 000,800,500 | ---- | M] () -- C:\WINDOWS\ntbtlog.txt
[2001/12/10 19:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2004/02/05 05:43:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/07 12:41:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\oeuninst.exe
[2004/11/01 19:22:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OP70.INI
[2001/04/18 16:08:18 | 000,086,016 | ---- | M] () -- C:\WINDOWS\OPDIRDEL.exe
[1995/07/31 13:44:46 | 000,212,480 | ---- | M] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2006/04/17 15:28:53 | 000,000,011 | ---- | M] () -- C:\WINDOWS\PCW120.INI
[2004/07/20 15:35:45 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2003/05/26 22:19:18 | 000,532,544 | ---- | M] () -- C:\WINDOWS\PIC.dll
[2003/03/31 07:00:00 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Prairie Wind.bmp
[2004/07/20 13:54:02 | 000,078,960 | ---- | M] () -- C:\WINDOWS\preprocess.data
[1998/07/21 20:29:06 | 000,000,021 | ---- | M] () -- C:\WINDOWS\Ps_setup.ini
[2003/03/03 12:24:32 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Q330994.exe
[2010/08/05 10:34:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/05 10:34:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2004/12/27 20:48:00 | 000,001,635 | ---- | M] () -- C:\WINDOWS\readme2.txt
[2004/08/04 02:56:55 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2004/02/05 06:15:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2003/03/31 07:00:00 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rhododendron.bmp
[2003/03/31 07:00:00 | 000,026,680 | ---- | M] () -- C:\WINDOWS\River Sumida.bmp
[2003/03/31 07:00:00 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/12/01 21:33:40 | 000,004,672 | ---- | M] () -- C:\WINDOWS\SchedLgU.Txt
[2000/08/31 07:00:00 | 000,098,816 | ---- | M] () -- C:\WINDOWS\sed.exe
[2004/12/28 15:10:34 | 000,000,627 | ---- | M] () -- C:\WINDOWS\sepsd.bin
[2010/12/01 21:28:50 | 000,001,612 | ---- | M] () -- C:\WINDOWS\setupapi.log
[2007/05/11 16:33:39 | 001,253,235 | ---- | M] () -- C:\WINDOWS\setupapi.log.0.old
[2009/05/07 19:38:47 | 001,024,957 | ---- | M] () -- C:\WINDOWS\setupapi.log.1.old
[2004/02/05 08:23:51 | 000,653,720 | ---- | M] () -- C:\WINDOWS\SIGVERIF.TXT
[2003/01/17 03:45:46 | 000,128,327 | ---- | M] () -- C:\WINDOWS\sl.lng
[2003/01/17 03:47:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\slrundll.exe
[2003/01/17 05:04:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\SmCfg.exe
[2004/02/05 09:53:17 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2003/03/31 07:00:00 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/16 12:15:20 | 000,000,408 | ---- | M] () -- C:\WINDOWS\sripper.ini
[2010/11/30 23:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sti_Trace.log
[2008/12/16 12:15:24 | 000,000,050 | ---- | M] () -- C:\WINDOWS\StreamRipper32.INI
[2004/10/26 15:24:10 | 000,007,358 | ---- | M] () -- C:\WINDOWS\support.ICO
[2000/08/31 07:00:00 | 000,161,792 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2000/08/31 07:00:00 | 000,136,704 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2000/08/31 07:00:00 | 000,212,480 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/20 13:08:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2003/03/31 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2004/05/07 10:03:13 | 000,009,728 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2003/03/31 07:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twain.dll
[2004/08/04 02:56:46 | 000,050,688 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twain_32.dll
[2003/03/31 07:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2003/03/31 07:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[1997/04/08 20:08:10 | 000,299,520 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2006/01/02 14:41:15 | 000,107,132 | ---- | M] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/08/05 17:54:00 | 000,023,936 | ---- | M] () -- C:\WINDOWS\UNNeroBurnRights.cfg
[2004/08/04 13:19:36 | 002,031,616 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\UNNeroBurnRights.exe
[2003/03/16 00:15:04 | 000,090,112 | ---- | M] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2004/08/30 19:52:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\usbwin.exe
[2004/02/05 05:42:22 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2004/02/05 05:42:22 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2003/03/31 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vmmreg32.dll
[2010/12/01 21:33:39 | 000,000,215 | ---- | M] () -- C:\WINDOWS\wiadebug.log
[2010/12/01 21:27:18 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wiaservc.log
[2010/04/20 13:08:26 | 000,000,755 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/19 01:54:22 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2004/02/05 05:42:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/12/01 21:36:58 | 000,008,008 | ---- | M] () -- C:\WINDOWS\WindowsUpdate.log
[2003/03/31 07:00:00 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2004/08/04 02:56:57 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2003/03/31 07:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp
[2003/03/31 07:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp
[2004/08/16 19:34:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\wis.exe
[2007/05/11 19:52:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2004/02/05 05:43:32 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/08/15 21:18:22 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2004/08/11 21:37:23 | 000,000,061 | ---- | M] () -- C:\WINDOWS\x.bat
[2003/03/31 07:00:00 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp
[2003/06/03 14:01:32 | 000,496,640 | ---- | M] (Chicony) -- C:\WINDOWS\zHotkey.exe
[2000/08/31 07:00:00 | 000,068,096 | ---- | M] () -- C:\WINDOWS\zip.exe
[2003/03/31 07:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi halleyscomet,

This error on boot is related to your BIOS settings. Enter your BIOS and exit it without changing anything. It will ask you if you want to save changes before exiting; choose YES. This should fix the error at boot.

Let's try to fix your account...

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O4 - HKLM..\Run: [RegistryMechanic] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKLM..\RunServices: [ITUNES] File not found
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.
Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3


  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. It is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


Step 4


Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • New OTL scan log
It would be helpful if you could post each log in a separate post.

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I forgot one thing. In Step 3 please check the Scan all Users checkbox located near the Quick Scan button before running the scan.

#9 halleyscomet (Topic Starter, Member, 71 posts)
OK, I will do this tonight... BUT!!! One question: how do I enter the BIOS? I can Google to try to figure it out if I get home before you read this. Thanks.

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi halleyscomet,

When your computer starts up, it should say "Press xxx to Enter Setup". It may also say to enter BIOS. Press that key to enter CMOS Setup. For desktop computers it is usually the DEL key. After that, use your arrow keys to find something like Save & Exit Setup. It is important not to change anything in the BIOS.

#11 halleyscomet (Topic Starter, Member, 71 posts)
I don't have anything that shows up on reboot to enter the BIOS. I ran the fix in safe mode under Administrator. It then rebooted, but I did not hit F8 in time and it then went into normal mode. Well, there was a log, but as the screen freezes and keeps resetting, I can't do anything! So, apologies, but I do not have that log you needed after the OTL fix.

Am I able to do repairs in the administrator mode from safe mode with networking? That is where I am now and the only way I can do anything on this computer.

#12 halleyscomet (Topic Starter, Member, 71 posts)
Also, I was able to run ComboFix in the ADMINISTRATOR account with no problem, BUT it did not give me a log!!!! I re-ran OTL, again in Administrator, NOT the user account I always use that is giving me the problems..... I am unclear if this is helping, I hope so. Here is that log:

OTL logfile created on: 12/2/2010 9:51:18 PM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 745.00 Mb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.55 Gb Free Space | 21.84% Space Free | Partition Type: NTFS

Computer Name: HALLEYSCOMET | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/01 21:20:27 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/21 16:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks) [Disabled | Stopped] -- C:\Program Files\ewido\security suite\ewidoguard.exe -- (ewido security suite guard)
SRV - [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks) [Auto | Stopped] -- C:\Program Files\ewido\security suite\ewidoctrl.exe -- (ewido security suite control)
SRV - [2003/01/17 04:02:00 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Fxdrv.sys -- (FXDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/12/04 12:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\S.AntSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/04 12:50:04 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\S.AntSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/04 12:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\S.AntSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/04/21 09:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2007/03/14 15:10:16 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2007/02/08 18:10:13 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/02/06 09:19:14 | 000,013,184 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2006/09/18 11:54:48 | 000,016,640 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/11/22 09:15:15 | 000,003,072 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\ewido\security suite\guard.sys -- (ewido security suite driver)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 00:41:39 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/01/09 19:01:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/09 19:01:58 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/01/09 19:01:56 | 000,259,200 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/09 19:01:56 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/01/09 19:01:56 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2004/01/09 19:01:56 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/01/09 19:01:56 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/09 19:01:56 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/11/10 14:24:24 | 000,039,532 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/10/06 16:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/09/02 18:51:00 | 000,312,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2003/09/02 18:51:00 | 000,036,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2003/08/15 21:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/19 17:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/02/16 19:33:00 | 001,293,192 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/02/16 18:12:00 | 000,085,520 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/02/16 18:11:00 | 000,516,616 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/02/16 18:08:00 | 000,210,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/02/05 19:25:00 | 000,162,136 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/01/17 03:19:00 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/07/01 00:00:02 | 000,024,059 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CW50.sys -- (CW50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/05 18:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/08/05 18:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/01 21:22:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/05 18:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2001/12/13 22:31:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/08/05 18:49:30 | 000,000,000 | ---D | M]

[2009/07/22 22:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/02 14:42:40 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/12/02 21:41:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (no name) - {E15EB2D0-9302-44F6-A17A-9B4DB5939B9A} - C:\WINDOWS\System32\CDDBContro.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe File not found
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF5442.cfx File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nForce Tray Options] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe (NoteBurner.COM)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF5442.cfx File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1178918987203 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by112fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\S.AntSpyware\SASWINLO.dll - C:\Program Files\S.AntSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\S.AntSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 21:41:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/02 21:33:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/02 20:56:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/01 21:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/12/01 21:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/12/01 21:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/01 21:17:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/11/28 13:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2004/02/05 04:36:29 | 000,516,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/02/05 04:36:29 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/02/05 04:36:28 | 001,293,192 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/02/05 04:36:28 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/02/05 04:36:28 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/02/04 21:41:17 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 30 Days ==========

[2010/12/02 21:44:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/02 21:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/02 21:30:52 | 003,983,920 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/02 21:12:32 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/02 21:12:32 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/02 21:07:06 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/12/02 21:01:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/12/01 20:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 14:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/11/17 21:37:52 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 21:37:52 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 10:54:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3A44M27X7A.job

========== Files Created - No Company Name ==========

[2010/12/02 21:31:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/02 21:31:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/02 21:29:28 | 003,983,920 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/07/20 19:15:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/19 17:24:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/19 17:24:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/19 17:24:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/19 17:23:59 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/19 17:23:41 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/19 17:22:12 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/01/27 22:09:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/01/27 22:08:33 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/05/01 13:44:28 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameJ.txt
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 13:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 13:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 13:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/04/17 15:28:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\PCW120.INI
[2006/04/04 15:00:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/12 16:14:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/17 12:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2004/12/27 20:47:00 | 000,000,179 | -H-- | C] () -- C:\WINDOWS\ipg.dll
[2004/11/18 12:03:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2004/11/18 12:03:26 | 000,000,408 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2004/11/01 19:23:46 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/11/01 19:22:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/11/01 19:15:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/11/01 19:15:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2004/10/26 15:27:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/07/20 15:35:57 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2004/07/20 15:35:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2004/07/20 15:10:39 | 000,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2004/07/20 15:10:39 | 000,049,852 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2004/05/07 10:06:05 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2004/05/07 10:06:05 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2004/05/04 10:49:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/04 10:38:26 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/05/04 10:38:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/20 09:36:02 | 000,000,397 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/02/05 09:53:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/05 08:12:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/05 08:11:01 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/02/05 08:11:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/02/05 06:04:22 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/02/05 06:03:58 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/02/05 04:36:42 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2004/02/05 04:36:36 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2004/02/05 04:36:30 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/02/05 04:36:29 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/02/05 04:36:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/02/05 04:36:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/02/05 04:36:23 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/02/05 04:36:23 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/02/05 04:36:03 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/02/04 21:41:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/02/04 21:41:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/02/04 21:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/03/21 00:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[2001/01/10 21:15:56 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2000/02/08 01:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 01:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL

========== LOP Check ==========

[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2009/07/20 17:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/09/08 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HServices
[2009/07/30 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/14 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/17 18:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/06 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/05 18:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/02/16 18:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2009/07/31 00:10:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/10/19 14:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\.BitTornado
[2006/04/04 15:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\acccore
[2008/12/16 12:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Aim
[2005/09/05 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\AVG7
[2010/01/30 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Avnex
[2005/10/21 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Azureus
[2006/03/29 20:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Canon
[2004/05/04 13:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\HBA
[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\InterTrust
[2004/05/04 13:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Leadertech
[2005/02/24 08:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\mtph
[2007/02/09 14:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\NCH Swift Sound
[2004/07/20 15:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\pdf995
[2007/04/19 13:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\RTPlayer
[2010/01/30 20:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Screaming Bee
[2008/12/16 12:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\tunebite
[2008/12/17 23:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Viewpoint
[2010/11/28 13:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\vShare
[2009/07/17 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Wal-Mart Digital Photo Viewer
[2008/12/16 12:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Webshots
[2005/07/28 13:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF5442.cfx File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nForce Tray Options] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe (NoteBurner.COM)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF5442.cfx File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1178918987203 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by112fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\S.AntSpyware\SASWINLO.dll - C:\Program Files\S.AntSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido\security suite\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\S.AntSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 21:41:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/02 21:33:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/02 20:56:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/01 21:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/12/01 21:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/12/01 21:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/01 21:17:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/11/28 13:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2004/02/05 04:36:29 | 000,516,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/02/05 04:36:29 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/02/05 04:36:28 | 001,293,192 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/02/05 04:36:28 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/02/05 04:36:28 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/02/04 21:41:17 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 30 Days ==========

[2010/12/02 21:44:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/02 21:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/02 21:30:52 | 003,983,920 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/02 21:12:32 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/02 21:12:32 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/02 21:07:06 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/12/02 21:01:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/12/01 20:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 14:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/11/17 21:37:52 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 21:37:52 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 10:54:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3A44M27X7A.job

========== Files Created - No Company Name ==========

[2010/12/02 21:31:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/02 21:31:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/02 21:29:28 | 003,983,920 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/07/20 19:15:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/19 17:24:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/02/19 17:24:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/02/19 17:24:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/02/19 17:23:59 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/02/19 17:23:41 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/19 17:22:12 | 000,000,241 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/01/27 22:09:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/01/27 22:08:33 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/05/01 13:44:28 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameJ.txt
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 13:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 13:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 13:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/04/17 15:28:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\PCW120.INI
[2006/04/04 15:00:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/12 16:14:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/17 12:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2004/12/27 20:47:00 | 000,000,179 | -H-- | C] () -- C:\WINDOWS\ipg.dll
[2004/11/18 12:03:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2004/11/18 12:03:26 | 000,000,408 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2004/11/01 19:23:46 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/11/01 19:22:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/11/01 19:15:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/11/01 19:15:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2004/10/26 15:27:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/07/20 15:35:57 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2004/07/20 15:35:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2004/07/20 15:10:39 | 000,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2004/07/20 15:10:39 | 000,049,852 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2004/05/07 10:06:05 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2004/05/07 10:06:05 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2004/05/04 10:49:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/04 10:38:26 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/05/04 10:38:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/20 09:36:02 | 000,000,397 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/02/05 09:53:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/05 08:12:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/05 08:11:01 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/02/05 08:11:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/02/05 06:04:22 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/02/05 06:03:58 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/02/05 04:36:42 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2004/02/05 04:36:36 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2004/02/05 04:36:30 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/02/05 04:36:29 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/02/05 04:36:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/02/05 04:36:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/02/05 04:36:23 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/02/05 04:36:23 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/02/05 04:36:03 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/02/04 21:41:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/02/04 21:41:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/02/04 21:40:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/03/21 00:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[2001/01/10 21:15:56 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2000/02/08 01:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 01:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL

========== LOP Check ==========

[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2009/07/20 17:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/09/08 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HServices
[2009/07/30 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/14 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/17 18:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/06 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/05 18:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/02/16 18:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2009/07/31 00:10:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/10/19 14:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\.BitTornado
[2006/04/04 15:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\acccore
[2008/12/16 12:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Aim
[2005/09/05 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\AVG7
[2010/01/30 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Avnex
[2005/10/21 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Azureus
[2006/03/29 20:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Canon
[2004/05/04 13:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\HBA
[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\InterTrust
[2004/05/04 13:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Leadertech
[2005/02/24 08:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\mtph
[2007/02/09 14:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\NCH Swift Sound
[2004/07/20 15:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\pdf995
[2007/04/19 13:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\RTPlayer
[2010/01/30 20:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Screaming Bee
[2008/12/16 12:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\tunebite
[2008/12/17 23:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Viewpoint
[2010/11/28 13:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\vShare
[2009/07/17 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Wal-Mart Digital Photo Viewer
[2008/12/16 12:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Webshots
[2005/07/28 13:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >
[2010/12/02 21:49:51 | 000,282,624 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/12/02 21:47:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Cookies
[2010/12/02 21:44:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/02 21:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/02 21:41:40 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/12/02 21:41:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/12/02 21:41:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Local Settings
[2010/12/02 21:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/12/02 21:35:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2010/12/02 21:30:52 | 003,983,920 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/02 21:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Desktop
[2010/12/02 21:12:32 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/02 21:12:32 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/02 21:10:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/12/02 21:07:06 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/12/02 21:01:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/02 20:56:26 | 000,000,000 | ---D | M] -- C:\Program Files\vShare
[2010/12/01 21:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/12/01 21:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/12/01 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/12/01 21:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/12/01 21:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/12/01 20:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/01 18:25:44 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/12/01 00:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/01 00:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/11/30 23:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/30 21:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2010/11/30 14:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/11/17 21:37:52 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 21:37:52 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/17 21:37:50 | 000,458,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 10:54:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3A44M27X7A.job
[2009/07/28 12:34:38 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2007/05/01 13:44:28 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameJ.txt
[2005/08/01 14:28:42 | 000,027,328 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/02/19 10:46:51 | 001,961,242 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2004/02/04 21:40:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/02/04 21:40:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini

[2010/12/01 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/12/01 21:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/12/01 21:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/12/01 20:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/01 18:25:44 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/12/01 00:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/01 00:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/11/30 23:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/30 21:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2010/11/30 14:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/11/17 21:37:52 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 21:37:52 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/17 21:37:50 | 000,458,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 10:54:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3A44M27X7A.job
[2009/07/28 12:34:38 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2007/05/01 13:44:28 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameJ.txt
[2005/08/01 14:28:42 | 000,027,328 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/02/19 10:46:51 | 001,961,242 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2004/02/04 21:40:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/02/04 21:40:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini

========== Files - Modified Within 30 Days ==========

[2010/12/02 21:44:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/02 21:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/02 21:30:52 | 003,983,920 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/02 21:12:32 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/02 21:12:32 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/02 21:07:06 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/12/02 21:01:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/01 21:17:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/12/01 21:17:11 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr
[2010/12/01 20:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 14:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 23:41:39 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/11/17 21:37:52 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/17 21:37:52 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 10:54:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3A44M27X7A.job

========== LOP Check ==========

[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2009/07/20 17:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/09/08 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HServices
[2009/07/30 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/14 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/17 18:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/30 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/06 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/05 18:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/02/16 18:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2009/07/31 00:10:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/10/19 14:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\.BitTornado
[2006/04/04 15:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\acccore
[2008/12/16 12:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Aim
[2005/09/05 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\AVG7
[2010/01/30 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Avnex
[2005/10/21 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Azureus
[2006/03/29 20:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Canon
[2004/05/04 13:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\HBA
[2004/02/05 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\InterTrust
[2004/05/04 13:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Leadertech
[2005/02/24 08:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\mtph
[2007/02/09 14:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\NCH Swift Sound
[2004/07/20 15:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\pdf995
[2007/04/19 13:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\RTPlayer
[2010/01/30 20:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Screaming Bee
[2008/12/16 12:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\tunebite
[2008/12/17 23:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Viewpoint
[2010/11/28 13:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\vShare
[2009/07/17 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Wal-Mart Digital Photo Viewer
[2008/12/16 12:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Swoyer\Application Data\Webshots
[2005/07/28 13:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/11/29 01:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >
  • 0

#13
halleyscomet

halleyscomet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
OK, I was able to get ComboFix to run in my user account, but can't get the log, since the computer freezes then. Here is the ComboFix log from my Administrator account:

ComboFix 10-12-02.04 - Administrator 12/02/2010 23:27:05.10.1 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-03 03:35 . 2010-12-03 03:36 -------- dc----w- C:\Combo-Fix
2010-12-03 03:35 . 2010-12-03 03:35 388608 ----a-w- c:\windows\system32\CF17633.exe
2010-12-03 03:12 . 2010-12-03 03:13 -------- d-----w- c:\windows\LastGood
2010-12-03 01:56 . 2010-12-03 01:56 -------- dc----w- C:\_OTL
2010-11-28 18:13 . 2010-12-03 01:56 -------- d-----w- c:\program files\vShare

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-12-03_03.46.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 04:58 . 2010-12-03 03:54 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-23 04:58 . 2010-12-03 03:33 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-12-03 03:54 . 2010-12-03 03:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-23 04:58 . 2010-12-03 03:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15EB2D0-9302-44F6-A17A-9B4DB5939B9A}]
c:\windows\system32\CDDBContro.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-11-20 139264]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2007-02-08 3371008]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\S.AntSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 18:56 352256 ----a-w- c:\program files\S.AntSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2003-06-03 19:01 496640 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 18:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-15 20:38 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-01-10 00:01 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-12-04 17:50 1809648 ----a-w- c:\program files\S.AntSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15162:TCP"= 15162:TCP:BitComet 15162 TCP
"15162:UDP"= 15162:UDP:BitComet 15162 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [2004-11-22 3072]
R1 SASDIFSV;SASDIFSV;c:\program files\S.AntSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\S.AntSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-02 1029456]
R3 CW50;CW50 Device;c:\windows\system32\DRIVERS\CW50.sys [2002-07-01 24059]
R3 FXDRV;FXDRV;E:\Fxdrv.sys [x]
R3 SASENUM;SASENUM;c:\program files\S.AntSpyware\SASENUM.SYS [2008-12-04 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 ntcdrdrv;ntcdrdrv;c:\windows\System32\DRIVERS\ntcdrdrv.sys [2007-02-06 13184]

.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:20]

2010-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 05:44]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 05:44]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 23:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\ErrorThresholds]
@DACL=(02 0000)
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\UrlTemplate]
@DACL=(02 0000)
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\S.AntSpyware\SASWINLO.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(1512)
c:\program files\Microsoft Office\Office10\msohev.dll
.
Completion time: 2010-12-02 23:35:26
ComboFix-quarantined-files.txt 2010-12-03 04:35
ComboFix2.txt 2010-12-03 03:49

Pre-Run: 34,819,170,304 bytes free
Post-Run: 34,805,071,872 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - BAC4AAE57BBEF29FE5F80E061A241958
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi halleyscomet,

I don't see any major infection in your logs. It's probably a system malfunction....

Step 1


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-4203159875-1523717275-2158606223-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe File not found
    O4 - HKLM..\Run: [nForce Tray Options] File not found

    :Files
    @C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
    c:\windows\system32\CF17633.exe
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Do you have a Windows XP SP2 installation disk? Maybe we will need it to repair your system.
  • 0

#15
halleyscomet

halleyscomet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Will do this in a few hours when I get home. Question?!?!?! Why does my Administrator account not have any problems, but my user account does? I really do not want to lose all the info on the computer, as it has a lot of stuff I need to back up prior to any restart!!!!
  • 0