ComboFix
This time, no rootkit message!
LOG
ComboFix 11-09-12.05 - Justin 09/13/2011 0:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.559 [GMT -4:00]
Running from: c:\documents and settings\Justin\Desktop\George.exe
Command switches used :: c:\documents and settings\Justin\Desktop\CFScript.txt
.
FILE ::
"c:\windows\DUMP8b96.tmp"
"c:\windows\system32\c_65712.nl_"
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\drivers\0087190drv.sys"
"c:\windows\system32\drivers\57151004.sys"
"c:\windows\system32\drivers\96000353.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\Vuze_Remote
c:\program files\Vuze_Remote\INSTALL.LOG
c:\program files\Vuze_Remote\prxtbVuz2.dll
c:\program files\Vuze_Remote\tbVuz0.dll
c:\program files\Vuze_Remote\tbVuz1.dll
c:\program files\Vuze_Remote\tbVuz2.dll
c:\program files\Vuze_Remote\tbVuze.dll
c:\program files\Vuze_Remote\toolbar.cfg
c:\program files\Vuze_Remote\uninstall.exe
c:\program files\Vuze_Remote\UNWISE.EXE
c:\program files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\program files\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
c:\windows\DUMP8b96.tmp
c:\windows\system32\c_65712.nl_
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\drivers\0087190drv.sys
c:\windows\system32\drivers\57151004.sys
c:\windows\system32\drivers\96000353.sys
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DISKCHK
-------\Legacy_MCAFEEENGINESERVICE
-------\Legacy_MFERKDET
-------\Legacy_MFEVTP
-------\Legacy_PNICML
-------\Service_diskchk
-------\Service_McAfeeEngineService
-------\Service_mferkdet
-------\Service_mfevtp
-------\Service_pnicml
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 05:29 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2011-09-13 01:38 . 2011-09-08 11:14 454016 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-13 01:38 . 2011-09-08 11:14 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-13 01:32 . 2011-09-13 01:33 -------- d-----w- C:\George
2011-09-12 04:35 . 2011-09-12 04:35 -------- d-----w- C:\_OTL
2011-09-11 16:06 . 2011-09-11 16:11 -------- d-----w- c:\windows\tmp
2011-09-06 23:20 . 2011-09-06 23:20 388096 ----a-r- c:\documents and settings\Justin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-06 11:06 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2011-09-01 11:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 11:50 . 2011-09-01 11:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-01 11:50 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-01 01:12 . 2011-09-01 01:11 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-01 01:11 . 2011-09-01 01:11 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-08-26 14:48 . 2011-08-26 14:48 -------- d-----w- C:\iPod Photo Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 01:18 . 2010-09-05 05:17 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-09-09 01:18 . 2010-09-05 05:17 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-06-22 00:08 . 2011-05-16 05:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2005-04-25 18:20 . 2005-06-03 13:21 1456640 -c--a-w- c:\program files\Common Files\Auto Assault.msi
2005-09-15 22:26 . 2005-04-13 23:11 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.
<pre>
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
</pre>
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-13_03.22.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-27 13:05 . 2004-08-04 07:56 14336 c:\windows\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\bdjsb7\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [8/26/2003 6:43 PM 12160]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe --> c:\program files\TomTom HOME 2\TomTomHOMEService.exe [?]
S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;c:\windows\system32\drivers\dvc325.sys [3/9/2006 9:01 AM 112624]
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys [10/8/2005 6:22 PM 71512]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/1/2011 7:50 AM 41272]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [5/27/2006 2:09 AM 13225]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [7/30/2004 10:25 AM 136832]
S4 gupdate1c96b3e6afb0570;Google Update Service (gupdate1c96b3e6afb0570);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2008 7:53 AM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-31 11:53]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-31 11:53]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-01 00:38]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-01 00:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: frame.crazywinnings.com
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59083&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter:
[email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player:
[email protected] - c:\documents and settings\Justin\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Vuze_Remote Toolbar - c:\program files\Vuze_Remote\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-09-13 01:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-854245398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,0a,2c,f5,36,7c,56,a5,ba,24,8e,66,8f,90,0f,39,a7,bd,7e,18,8e,71,32,
02,9a,cc,e5,a3,43,30,ec,23,de,5b,c3,c2,13,99,57,72,52,64,d8,91,26,59,ec,92,\
"??"=hex:28,06,8e,81,36,da,59,86,31,0d,8d,c4,2c,3d,e1,63
.
[HKEY_USERS\S-1-5-21-1757981266-854245398-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:07,d3,0e,31,1d,b6,7e,ed,58,28,1e,35,ca,5c,0e,a5,24,7c,fd,54,dd,
72,f6,00,b2,de,54,41,de,07,7b,d7,86,ae,5a,e0,2a,2b,41,66,3a,e4,0d,18,70,ea,\
"rkeysecu"=hex:73,84,43,dc,82,74,62,f7,07,9c,00,1b,e4,6a,a6,3c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2916)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ftpxext.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\CTsvcCDA.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-13 01:20:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-13 05:20
ComboFix2.txt 2011-09-13 03:28
.
Pre-Run: 24,538,255,360 bytes free
Post-Run: 24,499,642,368 bytes free
.
- - End Of File - - 359BA1AF5940677A7A177F12C3B0F54C
Here is the junk log:
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
Ran the McAfee remover, but it failed; it said that the Enterprise edition was loaded.
I wonder if the restore point brought it back.
Attempting an uninstall from Add/Remove Programs also failed, saying the uninstall file was not there.
I disabled all processes related to McAfee except McShield, which would not disable, although its process was turned off.
Installed Avast.
It found a bunch of infected items, including some oooold files on my K drive:
09/13/2011 01:45
Scan of all local drives
File C:\Documents and Settings\Justin\Desktop\Current pass\USB Contents\WindowsExplorerReplacement-FreeCommander-fc_setup_.zip|>fc_setup.exe|>{tmp}\eBay_shortcuts2_1021.exe|>$INSTDIR\eBayShortcuts.exe is infected by Win32:Yabector [Adw], Moved to chest
File C:\DOS\mean\BACKDRP1.ACC|>BACK00.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP1.ACC|>BACK01.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP1.ACC|>BACK02.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP1.ACC|>BACK03.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP1.ACC|>MENUBAR.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP1.ACC|>BLOOD.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP1.ACC|>BACK09.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>BACK04.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>BACK05.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>BACK06.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>BACK07.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>MENUBAR.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>BACK08.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\BACKDRP2.ACC|>BACK10.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FAX.ACC|>FAX.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FAX.ACC|>FAXDATA.BIN Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FIGHT.ACC|>HALL.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FIGHT.ACC|>ALLEY.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FIGHT.ACC|>DESO.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FIGHT.ACC|>LAST.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FIGHT.ACC|>IMAGE.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>FINALE.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>FINALE.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>SAT2A.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>SAT2B.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>TELLALL.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>SYLVIA1.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FINALE.ACC|>SYLVIA2.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FLIGHT.ACC|>DASHFNAL.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FLIGHT.ACC|>NAVCOMP.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FLIGHT.ACC|>VIEWMON.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FLIGHT.ACC|>SF.DB Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FLIGHT.ACC|>KF.DB Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\FLIGHT.ACC|>LA.DB Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\IMAGE.ACC|>IMAGES.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR06.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR10.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR11.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR13.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR13.ACC|>POSE0.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR14.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR16.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR17.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR20.ACC|>POSE1.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR22.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR25.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR25.ACC|>POSE0.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\INTERR26.ACC|>OBJECTS.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\JAIL1.ACC|>BARS.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\OPTIONS.ACC|>OPTIONS.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\PASSCARD.ACC|>COMPUTER.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM0.ACC|>LINAPT.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM0.ACC|>LINAPT.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM1.ACC|>LINWHS.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM2.ACC|>CALDAV.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM2.ACC|>CALDAV.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM3.ACC|>CAVE.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM3.ACC|>CAVE.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM4.ACC|>CLKLAB.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM4.ACC|>CLKLAB.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM5.ACC|>CABIN.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM5.ACC|>CABIN.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM6.ACC|>BEACH.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM6.ACC|>BEACH.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM7.ACC|>LOVNEST.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM7.ACC|>LOVNEST.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM8.ACC|>LAWORD.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM8.ACC|>LAWORD.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM9.ACC|>BOILER.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\ROOM9.ACC|>BOILER.DTA Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\SPEECH0.ACC|>SET2.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\SPEECH0.ACC|>SET3.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\SPEECH1.ACC|>SET1.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\SPEECH1.ACC|>SET3.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\SPEECH1.ACC|>SET2.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\SUNSET.ACC|>SUN.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\THREAT.ACC|>TGRPH0.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\THREAT.ACC|>TGRPH2.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\THREAT.ACC|>TGRPH3.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\THREAT.ACC|>TGRPH1.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\THREAT.ACC|>PUNCH.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\TITLE.ACC|>TTLSUN.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\TITLE.ACC|>TITLE.MLD Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\TITLE.ACC|>TITLE.BRU Error 42125 {ZIP archive is corrupted.}
File C:\DOS\mean\TITLE.ACC|>TTLSUN.BRU Error 42125 {ZIP archive is corrupted.}
File C:\games\Golden Tee\auto_pch.exe_1315579018.arl is infected by Win32:CIH-G@dam, Moved to chest
File C:\games\Golden Tee\sutility\upload.exe_1315579023.arl is infected by Win32:CIH-G@dam, Moved to chest
File C:\MAME\Arcade@Home\roms\matmania.zip|>KF-00 Error 42125 {ZIP archive is corrupted.}
File C:\MAME\Arcade@Home\roms\snowbros.zip|>ch2 Error 42125 {ZIP archive is corrupted.}
File C:\MAME\roms\matmania.zip|>KF-00 Error 42125 {ZIP archive is corrupted.}
File C:\MAME\roms\snowbros.zip|>ch2 Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Ahead\InCD\incdsrv.exe_1315579025.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Bonjour\mDNSResponder.exe_1315579031.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe_1315579032.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe_1315579033.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE_1315579044.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Darklands\Patch\dk5_6.zip|>PATCH.RTP Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Flip Video\FlipShare\FlipShareService.exe_1315579029.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\iPod\bin\iPodService.exe_1315579048.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Java\jre6\bin\jqs.exe_1315579050.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\Juniper Networks\Common Files\dsNcService.exe_1315579052.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe_1315579055.arl is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\128095406.vir:1365990904.exe is infected by Win32:Tiny-AMB [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\c_65712.nl_.vir|>P2P.V2.dll is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\msiexec.exe.vir is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP385\A0069443.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP385\A0069444.ini is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP387\A0071456.sys|>[Embedded_I#07c44] is infected by Win32:Tiny-AMB [Rtk], Move to chest: Error 0x80000006 {No More Files}
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP387\A0071456.sys is infected by Win32:Sirefef-F [Drp], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP389\A0071468.ini is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP389\A0071475.sys|>[Embedded_I#07c44] is infected by Win32:Tiny-AMB [Rtk], Move to chest: Error 0x80000006 {No More Files}
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP389\A0071475.sys is infected by Win32:Sirefef-F [Drp], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP389\A0071476.ini is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP390\A0073494.sys|>[Embedded_I#07c44] is infected by Win32:Tiny-AMB [Rtk], Move to chest: Error 0x80000006 {No More Files}
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP390\A0073494.sys is infected by Win32:Sirefef-F [Drp], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP390\A0073502.sys|>[Embedded_I#07c44] is infected by Win32:Tiny-AMB [Rtk], Move to chest: Error 0x80000006 {No More Files}
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP390\A0073502.sys is infected by Win32:Sirefef-F [Drp], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP391\A0073541.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP391\A0073563.rbf is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP391\A0073609.rbf is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0073705.rbf is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0073727.rbf is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0074842.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0074843.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0075599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0076599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0077605.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0078599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0079599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0080599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0081599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP392\A0082599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\System Volume Information\_restore{B897ADC3-27AB-45F6-951F-F2E8F644FC6A}\RP393\A0084599.sys is infected by Win32:Alureon-AJI [Rtk], Moved to chest
File C:\WINDOWS\PCHealth\ERRORREP\UserDumps\svchost.exe.20100501-234218-00.hdmp is infected by Win32:Alureon-LU [Trj], Moved to chest
File C:\WINDOWS\system32\CTSVCCDA.EXE is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\system32\MsPMSPSv.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\system32\nvsvc32.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File K:\Warez-Appz\Golden Tee\auto_pch.exe is infected by Win32:CIH-G@dam, Moved to chest
File K:\Warez-Appz\Golden Tee\sutility\upload.exe is infected by Win32:CIH-G@dam, Moved to chest
File K:\Warez-Appz\sysshock2\Sshock2.exe Error 42110 {The file is a decompression bomb.}
Number of searched folders: 68967
Number of tested files: 1881662
Number of infected files: 52
Here's the OTL stuff:
OTL logfile created on: 9/13/2011 7:40:07 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Justin\My Documents\Downloads\OTL new
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.73 Mb Total Physical Memory | 621.96 Mb Available Physical Memory | 60.81% Memory free
2.41 Gb Paging File | 2.17 Gb Available in Paging File | 90.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 22.44 Gb Free Space | 20.07% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.69 Gb Free Space | 98.17% Space Free | Partition Type: FAT32
Drive K: | 232.88 Gb Total Space | 52.71 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
Computer Name: BDJSB7X | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Processes (SafeList) ==========
PRC - [2011/09/13 19:38:09 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\My Documents\Downloads\OTL new\OTL (1).exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/13 16:37:42 | 001,561,600 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091302\algo.dll
MOD - [2011/09/13 08:07:24 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091302\aswRep.dll
MOD - [2010/08/15 18:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2006/10/22 13:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/05/14 00:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2004/06/20 19:17:22 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2000/05/17 15:04:54 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\PRTmate.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (TomTomHOMEService)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - File not found [Disabled | Stopped] -- -- (McTaskManager)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (McAfeeFramework)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (InCDsrv)
SRV - File not found [Auto | Stopped] -- -- (FlipShare Service)
SRV - File not found [Auto | Stopped] -- -- (dsNcService)
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/12 16:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/09 06:05:48 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/07/09 06:05:48 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2007/12/11 14:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2005/10/15 21:15:41 | 000,027,171 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/10/08 18:22:38 | 000,071,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toywdm.sys -- (JL2005)
DRV - [2005/09/26 01:08:10 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcgbdr.sys -- (avcgbdr)
DRV - [2005/07/28 04:28:10 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcgbfl.sys -- (avcgbfl)
DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/10/08 07:59:12 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:50 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/06 02:26:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/07/17 05:24:20 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/07 15:11:00 | 000,038,860 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/04/07 15:11:00 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/06/30 10:51:24 | 000,028,208 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/06/30 10:51:00 | 000,086,496 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/01/27 16:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/11/12 06:38:38 | 000,016,432 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/12 15:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)
DRV - [2000/12/12 15:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)
DRV - [2000/04/18 00:53:50 | 000,112,624 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvc325.sys -- (DCamUSBLTN)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\
[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Justin\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Justin\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 19:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/13 01:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 18:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 21:24:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Documents and Settings\Justin\Application Data\Move Networks [2009/05/18 17:27:26 | 000,000,000 | ---D | M]
[2011/01/18 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2011/01/18 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions\[email protected]
[2011/08/28 23:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\extensions
[2009/08/07 21:25:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/09 19:53:24 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\o26fuz9n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/08/31 02:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/30 20:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2005/09/15 18:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2011/03/30 20:57:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 17:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2006/02/02 15:56:00 | 000,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll
O1 HOSTS File: ([2011/09/13 01:15:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PaltalkWebLogin) - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll (AVM Software Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: frame.crazywinnings.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159395208484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E5FB9FD-EF7B-49B1-BEC9-50AF68A889E3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/03 16:07:01 | 000,002,247 | ---- | M] () - C:\AutoAssault.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 60 Days ==========
[2011/09/13 01:34:50 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/13 01:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/09/13 01:34:49 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/13 01:34:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/13 01:34:46 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/13 01:34:46 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/13 01:34:44 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/13 01:34:44 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/13 01:34:44 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/13 01:34:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/13 01:34:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/13 01:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/13 01:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/13 01:29:50 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/09/13 01:20:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/12 21:38:59 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/12 21:32:57 | 000,000,000 | ---D | C] -- C:\George
[2011/09/12 00:35:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/11 12:06:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/09/08 21:15:41 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 21:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\logs for post
[2011/09/08 18:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/08 18:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/08 18:18:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/08 18:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/08 18:13:55 | 004,204,602 | R--- | C] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/08 18:11:06 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/08 18:05:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/06 19:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\HiJackThis
[2011/09/06 07:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/09/06 07:06:30 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2011/09/06 07:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011/09/01 18:36:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent
[2011/09/01 07:50:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/01 07:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/01 07:50:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/01 07:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 07:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Current pass
[2011/08/31 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\TMRBLog
[2011/08/31 21:12:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 21:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\log
[2011/08/31 21:11:59 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 20:56:11 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Start Menu\Programs\Google Chrome
[2011/08/31 20:37:26 | 000,604,496 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:09:01 | 122,890,824 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/27 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Jaggery and Fox
[2011/08/26 10:48:07 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache
[2011/07/21 07:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\Hipstamatic
[2003/09/03 18:26:18 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2003/09/03 18:26:18 | 000,008,679 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[2003/08/26 18:43:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[56 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1912 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2011/09/13 19:43:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/09/13 19:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/13 19:35:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/13 19:35:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/13 19:35:22 | 000,087,446 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/13 19:35:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/13 19:35:13 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 19:34:16 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/13 19:34:16 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/13 19:34:16 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/13 19:34:16 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-10071102}.rfx
[2011/09/13 19:34:16 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/13 19:34:16 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/13 19:34:16 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/13 19:34:16 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2011/09/13 01:34:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/13 01:34:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/13 01:15:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/13 00:45:52 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\MCPR.exe
[2011/09/12 21:33:24 | 004,204,602 | R--- | M] (Swearware) -- C:\Documents and Settings\Justin\Desktop\George.exe
[2011/09/11 11:46:01 | 000,000,512 | ---- | M] () -- C:\MBR_backup.dat
[2011/09/10 08:29:52 | 000,000,281 | -H-- | M] () -- C:\boot.ini
[2011/09/08 21:31:23 | 106,040,432 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:22:03 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 21:15:37 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Justin\Desktop\tdsskiller.exe
[2011/09/08 07:14:25 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/08 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/08 00:24:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 22:44:50 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/09/07 22:44:50 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/07 22:13:16 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 16:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/06 10:37:52 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/09/06 07:06:31 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:59 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/08/31 21:11:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/31 20:57:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:56:15 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Justin\Desktop\HousecallLauncher.exe
[2011/08/31 20:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 20:37:26 | 000,604,496 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Justin\Desktop\ChromeSetup.exe
[2011/08/31 02:12:51 | 122,890,824 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Justin\Desktop\sdat.exe
[2011/08/31 02:11:46 | 090,266,112 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/08/12 12:32:00 | 008,570,384 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[2011/08/05 18:10:26 | 000,001,110 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/07/25 19:24:12 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Justin\.recently-used.xbel
[2011/07/19 07:22:23 | 000,444,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/19 07:22:23 | 000,072,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1912 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/13 01:34:50 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/11 11:46:01 | 000,000,512 | ---- | C] () -- C:\MBR_backup.dat
[2011/09/09 07:09:37 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/08 21:27:40 | 106,040,432 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\setup_11.0.0.1245.x01_2011_09_09_03_05.exe
[2011/09/08 21:21:39 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\aswMBR.exe
[2011/09/08 18:18:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/08 18:18:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/08 18:18:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/08 18:18:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/08 18:18:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/07 22:13:16 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to OTL.exe.lnk
[2011/09/06 19:20:56 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2011/09/06 07:06:31 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/09/01 07:50:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 21:11:52 | 008,570,384 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\RootkitBuster.exe
[2011/08/31 20:57:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache
[2011/08/31 20:48:38 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\HijackThis.msi
[2011/08/31 20:39:20 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk
[2011/08/31 20:39:20 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 20:38:15 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003UA.job
[2011/08/31 20:38:15 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-725345543-1003Core.job
[2011/08/31 02:08:34 | 090,266,112 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\vscan87.exe
[2011/07/25 19:24:12 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Justin\.recently-used.xbel
[2011/02/18 06:54:29 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/24 13:12:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/31 14:02:57 | 000,063,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 14:34:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\mcs.rma
[2009/08/18 14:34:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\D031BF
[2009/08/09 10:58:42 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/08/09 10:58:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/08/09 10:58:41 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 20:12:10 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Juniper Network Connect 6.3.0.ini
[2009/05/05 12:08:06 | 000,000,119 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2009/05/04 18:49:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 21:05:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 20:27:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/13 20:27:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/13 20:27:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/13 20:27:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/13 20:27:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/10/19 09:53:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/25 00:39:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/15 19:29:28 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_11.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/15 21:05:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2007/03/03 07:12:44 | 000,000,473 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/02/14 21:46:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\win96.INI
[2007/02/14 19:17:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\namedts.INI
[2007/01/30 20:31:46 | 000,002,795 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2007/01/24 19:21:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/22 21:01:28 | 000,003,885 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2006/09/17 01:37:30 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/07/09 23:36:01 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\UnCasino5.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/25 09:05:25 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/13 16:19:23 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/13 16:05:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/03/09 09:01:20 | 000,001,603 | ---- | C] () -- C:\WINDOWS\kd330lan.ini
[2006/03/09 09:01:20 | 000,001,403 | ---- | C] () -- C:\WINDOWS\Dvc325.ini
[2006/01/14 11:57:56 | 000,002,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/27 13:24:31 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/18 14:02:27 | 000,090,624 | ---- | C] () -- C:\WINDOWS\VSUNINST.EXE
[2005/10/16 20:23:27 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2005/07/08 14:26:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/21 23:57:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/03 09:21:42 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Auto Assault.msi
[2005/05/12 00:34:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/12 00:34:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/05/12 00:34:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/12 00:34:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/05/12 00:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/12 00:34:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/12 00:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/12 00:34:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/05/12 00:34:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/05/12 00:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/13 19:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/13 19:11:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/13 19:11:11 | 000,006,400 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2005/03/28 22:13:30 | 000,000,003 | ---- | C] () -- C:\WINDOWS\approval.dat
[2005/03/28 22:13:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_ver.dat
[2005/01/17 08:32:50 | 000,002,840 | ---- | C] () -- C:\WINDOWS\System32\vp.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vg.dat
[2005/01/17 08:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\v.dat
[2005/01/15 17:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lqybd.dat
[2005/01/04 22:51:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\apiyi.exe
[2005/01/02 11:19:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysxq.exe
[2004/12/26 23:26:25 | 000,000,125 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2004/12/20 08:08:04 | 000,001,234 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2004/12/19 09:05:53 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/12/19 09:05:41 | 000,000,082 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2004/12/18 10:33:28 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2004/11/19 00:37:34 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2004/11/18 23:12:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/26 09:19:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/24 08:34:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2004/07/31 16:07:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/19 18:14:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2004/07/19 18:14:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/05/23 19:52:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/04/21 23:37:39 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Recorder.dat
[2004/03/13 10:00:02 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/12 18:17:59 | 000,000,103 | ---- | C] () -- C:\WINDOWS\BJ.INI
[2004/02/28 01:20:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/02/22 21:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI
[2004/02/21 10:13:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2004/02/21 10:11:50 | 000,000,332 | ---- | C] () -- C:\WINDOWS\BP.INI
[2004/02/21 10:05:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BA.INI
[2003/09/25 06:46:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/09/13 07:38:51 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2003/09/13 07:38:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTmate.dll
[2003/09/07 14:47:41 | 000,115,085 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/07 07:29:09 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/06 11:47:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2003/09/06 10:38:51 | 000,000,761 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/09/06 08:52:49 | 000,001,645 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2003/09/04 22:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/09/04 18:57:53 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/03 20:33:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/03 18:31:51 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/08/28 15:10:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/27 09:17:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/27 09:13:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/27 09:05:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/27 09:05:42 | 000,002,398 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/27 09:05:29 | 000,444,286 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/27 09:05:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/27 09:05:29 | 000,072,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/27 09:05:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/27 09:05:28 | 000,004,742 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/27 09:05:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/27 09:05:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/27 09:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/27 09:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/27 09:05:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/27 09:05:18 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/27 02:09:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/27 02:08:39 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:49:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-10071102}.dat
[2003/08/26 18:43:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/08/26 18:43:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/08/26 18:43:17 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/08/26 18:43:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/08/26 18:43:13 | 000,248,091 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2003/08/26 18:43:13 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/08/26 18:43:13 | 000,224,644 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2003/08/26 18:43:13 | 000,190,720 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/08/26 18:43:13 | 000,138,816 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2003/08/26 18:43:13 | 000,110,820 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/08/26 18:43:13 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/08/26 18:43:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/08/26 18:43:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2003/08/26 18:43:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2003/08/26 18:43:08 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/08/26 18:43:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/08/26 18:42:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2003/08/26 18:42:45 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2003/08/26 18:41:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/08/26 18:24:09 | 000,007,264 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/08/26 18:23:50 | 000,086,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2003/08/19 16:22:19 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/07 00:19:16 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
< End of report >
OTL Extras logfile created on: 9/13/2011 7:40:07 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Justin\My Documents\Downloads\OTL new
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.73 Mb Total Physical Memory | 621.96 Mb Available Physical Memory | 60.81% Memory free
2.41 Gb Paging File | 2.17 Gb Available in Paging File | 90.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 22.44 Gb Free Space | 20.07% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.69 Gb Free Space | 98.17% Space Free | Partition Type: FAT32
Drive K: | 232.88 Gb Total Space | 52.71 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
Computer Name: BDJSB7X | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe ()
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SmartFTP\SmartFTP.exe" = C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP -- (SmartFTP)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- (SmartSoft Ltd.)
"C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- (Joost Technologies B.V.)
"C:\Program Files\Steam\SteamApps\bdjsb7\rag doll kung fu demo\Rag_Doll_Kung_Fu_Steam.exe" = C:\Program Files\Steam\SteamApps\bdjsb7\rag doll kung fu demo\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag Doll Kung Fu Demo -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015ED318-48FE-4F7F-A7D5-D9BC77D3263E}" = Visual C++ 2005 Express Edition Beta - English
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo DVD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204752E3-4202-11D4-8586-0050DA635DCF}" = Carmageddon TDR2000
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}" = The Movies 1.1 Patch
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{42095863-98D1-4A49-BDF8-638DE8A5F316}" = Sound Blaster Audigy 2
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59AD52AA-2E3A-47B6-A3FA-D4C8C38A7FE5}" = Auto Assault
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C08753F-2A90-494A-BD09-E3F222B2BDCA}" = USB-IDE Bridge Driver
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{85DC9962-BB64-4C13-B079-1F5566C81BE7}" = Visual C# 2005 Express Edition Beta - English
"{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}" = InterVideo TV
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{A1D90367-F510-49A7-A06C-03EFEFF6DB0D}" = FTP Explorer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600203}" = MSN Messenger 6.1
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies Stunts & Effects
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Pro|Solutions
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D896FA08-E11B-48BB-BE48-EB0A87AC96FE}" = Hoyle Casino 3D
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F1AB76C0-333F-11D5-BF46-0002B306C443}" = 3D Ultra Pinball Thrillride
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}" = InterVideo Home Theater
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"7-Zip" = 7-Zip 4.42
"8461-7759-5462-8226" = Vuze
"Abuse for Windows - Full" = Abuse for Windows - Full
"Addiction Pinball" = Addiction Pinball
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ambush Pack for Pocket Tanks Deluxe_is1" = Ambush Pack 1.00 for Pocket Tanks Deluxe
"AOL Instant Messenger" = AOL Instant Messenger
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVGantiRootkit" = AVG Anti-Rootkit Free
"balldroppings" = balldroppings
"Base Invaders_is1" = Base Invaders Alpha Release
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.1.8
"BFGC" = Big Fish Games Client
"BFG-Fairway Solitaire" = Fairway Solitaire
"Bonus Pack for Super DX-Ball Deluxe_is1" = Bonus Pack v1.0 for Super DX-Ball Deluxe
"Bubble Bobble TNA" = Bubble Bobble TNA
"CDisplay_is1" = CDisplay 1.7
"Chaos Pack for Pocket Tanks Deluxe_is1" = Chaos Pack 1.00 for Pocket Tanks Deluxe
"CHOLO" = CHOLO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"conduitEngine" = Conduit Engine
"CopyTrans Suite" = CopyTrans Suite (remove only)
"Cpt. Binary_is1" = Cpt. Binary
"Creative Jukebox Driver" = Creative Jukebox Driver
"Dark Oberon" = Dark Oberon
"De_Blob_EN" = De Blob (alleen verwijderen)
"Ease Audio Converter_is1" = Ease Audio Converter 4.10
"Escape Rosecliff Island 1.0.0.2" = Escape Rosecliff Island 1.0.0.2
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"Exif Farm" = Exif Farm
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Fallout" = Fallout
"FileZilla Client" = FileZilla Client 3.3.4.1
"Flamethrower Pack for Pocket Tanks Deluxe_is1" = Flamethrower Pack 1.00 for Pocket Tanks Deluxe
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"Fraps" = Fraps (remove only)
"FriendlyNET" = FriendlyNET
"Future Pinball_is1" = Future Pinball
"Fuzz Pack for Pocket Tanks Deluxe_is1" = Fuzz Pack v1.0 for Pocket Tanks Deluxe
"GameBiz 2_is1" = GameBiz 2 Uninstall
"GameSpy Arcade" = GameSpy Arcade
"GEARDrivers" = GEAR Drivers
"Gish Demo" = Gish Demo
"GoldWave v5.06" = GoldWave v5.06
"Gravity Pack for Pocket Tanks Deluxe_is1" = Gravity Pack v1.1 for Pocket Tanks Deluxe
"Guild Wars" = Guild Wars
"Harmotionv0.21" = Harmotion
"Hoyle Casino 2007" = Hoyle Casino 2007 (remove only)
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies Stunts & Effects
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.6
"JL2005A Camera_is1" = Uninstall JL2005A Camera
"Joost" = Joost Beta 1.0
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"King's Quest 1 VGA" = King's Quest 1 VGA
"King's Quest 1 VGA Music Pack" = King's Quest 1 VGA Music Pack
"King's Quest 1 VGA Speech Pack" = King's Quest 1 VGA Speech Pack
"King's Quest 2 VGA" = King's Quest 2 VGA
"King's Quest 2 VGA Digital Music Pack" = King's Quest 2 VGA Digital Music Pack
"King's Quest 2 VGA Speech Pack" = King's Quest 2 VGA Speech Pack
"Kodak DVC325 Digital Video Camera Software" = Kodak DVC325 Digital Video Camera Software Installation
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Logitech Print Service" = Logitech Print Service
"Lugaru_is1" = Lugaru v1.03
"Magic ISO Maker v4.2 (build 0091)" = Magic ISO Maker v4.2 (build 0091)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Meteor Pack for Pocket Tanks Deluxe_is1" = Meteor Pack 1.00 for Pocket Tanks Deluxe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSwap Tool" = MSwap Tool
"myFairTunes_is1" = myFairTunes v.7.0.2
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"Nuke Pack for Pocket Tanks Deluxe_is1" = Nuke Pack 1.00 for Pocket Tanks Deluxe
"NVIDIA Drivers" = NVIDIA Drivers
"PalTalk8.2" = Paltalk Messenger
"Phun_is1" = Phun beta 3.0
"Pinball Arcade 1.0" = Microsoft Pinball Arcade
"Plants vs. Zombies" = Plants vs. Zombies
"Pocket Tanks Deluxe_is1" = Pocket Tanks Deluxe v1.2
"Power Pack for Pocket Tanks Deluxe_is1" = Power Pack 1.00 for Pocket Tanks Deluxe
"PowerArchiver" = PowerArchiver
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"Pure Pinball" = Pure Pinball
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Scrabble" = Scrabble
"SEGA Swirl" = SEGA Swirl
"Shockwave" = Shockwave
"SHOUTcastDSP" = SHOUTcast Source DSP 1.8.2 (remove only)
"Sierra Utilities" = Sierra Utilities
"Slice" = Slice Uninstall
"Slingo" = Slingo
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"Snowball Pack for Pocket Tanks Deluxe_is1" = Snowball Pack v1.1 for Pocket Tanks Deluxe
"Soulseek" = SoulSeek Client 156c
"ST6UNST #1" = Arcade@Home v0.37b
"ST6UNST #2" = MAME Classic
"Steam" = Steam
"Super DX-Ball Deluxe_is1" = Super DX-Ball Deluxe v1.1
"Super DX-Ball_is1" = Super DX-Ball v1.00
"Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1)
"Super Pack for Pocket Tanks Deluxe_is1" = Super Pack v1.11 for Pocket Tanks Deluxe
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"The Silver Lining_is1" = TSL Alpha Demo - Public Demo RC1
"The Ur-Quan Masters" = The Ur-Quan Masters 0.5.0
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Toshiba AutoTask" = Toshiba AutoTask
"Treasure Pack for Super DX-Ball Deluxe_is1" = Treasure Pack v1.0 for Super DX-Ball Deluxe
"TSDisp" = TSDisp
"UFRaw_is1" = UFRaw 0.14.1
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Visual C# 2005 Express Edition Beta - English" = Visual C# 2005 Express Edition Beta - English
"Visual C++ 2005 Express Edition Beta - English" = Visual C++ 2005 Express Edition Beta - English
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver
"Within a Deep Forest_is1" = Within a Deep Forest 1.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahtzeev1" = Yahtzee
"YASA Audio/Data/Video CD Burner v4.2.80" = YASA Audio/Data/Video CD Burner v4.2.80
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7003
Description = The McAfee McShield service depends on the following nonexistent service:
mfevtp
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The Machine Debug Manager service failed to start due to the following
error: %%2
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (ddoctorv2) service failed to start
due to the following error: %%2
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The TomTomHOMEService service failed to start due to the following
error: %%2
Error - 9/13/2011 7:35:53 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079
Error - 9/13/2011 7:35:56 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
mfehidk mfetdik
Error - 9/13/2011 7:35:56 PM | Computer Name = BDJSB7X | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service iPod Service with
arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Error - 9/13/2011 7:35:56 PM | Computer Name = BDJSB7X | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%2
< End of report >