
Unfound Rootkit - still problems


  • This topic is locked

#1 Horaldo (Member, 43 posts)
Hello,

I've visited this site recently, reading other people's topics with similar problems; however, while following their steps I've been unable to completely clear my computer of the rootkit problem. So I'm now asking for some personal help!

After attracting a rootkit infection, I've run MalwareBytes, CCleaner, TFC, ComboFix, the online ESET scanner, SUPERAntiSpyware, and attempted TDSSKiller.exe. I found many viruses and cleared them; however, I still have a problem that I assume is caused by whatever remains.

I'm unable to shut down/reboot properly, as I blue-screen every time (which may be hindering the removal process). TDSSKiller.exe has not run since this infection (I've tried renaming it and changing the file extension). My Internet Explorer also takes more than one try to load properly, even using "Run as Administrator" (the same goes for TDSSKiller).

EDIT: Forgot to mention that I cannot visit the Windows Update site, and I cannot update using the typical method. Also, Avast comes up with a blocked malicious URL every so often, usually starting with the IP address "199.80.55.80", and the process is svchost.exe.

Please find the OTL log below.

Thank you so much for any help you can give!

OTL logfile created on: 20/04/2011 17:44:37 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 89.61 Gb Free Space | 30.77% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/04/07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (YUVYOKUVMV)
SRV - File not found [Disabled | Stopped] -- -- (XXOFFCXWV)
SRV - File not found [Disabled | Stopped] -- -- (USBBQTOQ)
SRV - File not found [Disabled | Stopped] -- -- (QPVDAKVQ)
SRV - File not found [On_Demand | Stopped] -- -- (ID)
SRV - File not found [Disabled | Stopped] -- -- (CAIQBRIUJBLKQCKU)
SRV - File not found [Disabled | Stopped] -- -- (BLVJPHRPPC)
SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 18:27:05 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/02 22:15:52 | 000,022,016 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\1UnHooker.sys -- (1UnHooker)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {FFB13D48-ACE2-4638-8891-2AC3DB8B7827}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/10 13:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/27 13:15:41 | 000,000,000 | ---D | M]

[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/03/27 16:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 17:24:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 20:46:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 20:30:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
File not found (No name found) -- C:\USERS\CHRIS\APPDATA\LOCAL\{FFB13D48-ACE2-4638-8891-2AC3DB8B7827}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

Hosts file not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StereoLinksInstall] C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 22:22:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/19 22:22:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/19 22:08:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2011/03/27 17:27:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/27 17:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/27 17:27:38 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/27 17:27:36 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/27 17:27:36 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/27 17:27:35 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/27 17:27:34 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/27 17:27:13 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/03/27 17:27:13 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/27 17:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/27 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 17:39:26 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/20 17:39:26 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/20 17:34:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 17:34:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 17:34:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 17:34:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/20 17:34:04 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 17:34:03 | 289,642,952 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/19 23:22:11 | 001,006,778 | ---- | M] () -- C:\Users\Chris\Desktop\uSeRiNiT.exe
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/19 08:28:44 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/18 22:38:29 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:30:22 | 000,001,646 | -HS- | M] () -- C:\Users\Chris\AppData\Local\ci256wkm68
[2011/04/18 18:30:22 | 000,001,646 | -HS- | M] () -- C:\ProgramData\ci256wkm68
[2011/04/18 18:27:37 | 000,001,642 | -HS- | M] () -- C:\ProgramData\3720874580
[2011/04/18 18:27:05 | 000,024,448 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 19:17:11 | 000,001,192 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:06:01 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yevm.sys
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:13:45 | 000,007,404 | -HS- | M] () -- C:\Users\Chris\AppData\Local\b513h2vulke4
[2011/04/16 09:04:25 | 000,011,326 | -HS- | M] () -- C:\ProgramData\b513h2vulke4
[2011/04/16 09:02:18 | 000,001,542 | -HS- | M] () -- C:\ProgramData\1199018546
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/05 18:09:18 | 000,012,014 | -HS- | M] () -- C:\Users\Chris\AppData\Local\346lk7y0gq48207188i58cy7wbt45c5
[2011/04/05 18:09:18 | 000,012,014 | -HS- | M] () -- C:\ProgramData\346lk7y0gq48207188i58cy7wbt45c5
[2011/03/30 18:28:40 | 000,034,935 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/03/28 19:24:35 | 000,039,936 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps
[1 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/19 23:22:01 | 001,006,778 | ---- | C] () -- C:\Users\Chris\Desktop\uSeRiNiT.exe
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 22:44:01 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 21:53:47 | 289,642,952 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 19:09:07 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/18 18:27:16 | 000,001,646 | -HS- | C] () -- C:\Users\Chris\AppData\Local\ci256wkm68
[2011/04/18 18:27:16 | 000,001,642 | -HS- | C] () -- C:\ProgramData\3720874580
[2011/04/18 18:27:07 | 000,001,646 | -HS- | C] () -- C:\ProgramData\ci256wkm68
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 20:42:35 | 000,024,448 | ---- | C] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 12:06:01 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\yevm.sys
[2011/04/16 09:02:06 | 000,007,404 | -HS- | C] () -- C:\Users\Chris\AppData\Local\b513h2vulke4
[2011/04/16 09:02:06 | 000,001,542 | -HS- | C] () -- C:\ProgramData\1199018546
[2011/04/16 09:01:55 | 000,011,326 | -HS- | C] () -- C:\ProgramData\b513h2vulke4
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/04 20:24:31 | 000,012,014 | -HS- | C] () -- C:\Users\Chris\AppData\Local\346lk7y0gq48207188i58cy7wbt45c5
[2011/04/04 20:24:31 | 000,012,014 | -HS- | C] () -- C:\ProgramData\346lk7y0gq48207188i58cy7wbt45c5
[2011/03/30 18:28:40 | 000,034,935 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/03/28 19:24:35 | 000,039,936 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps
[2011/03/27 17:27:39 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/02 22:15:52 | 000,022,016 | ---- | C] () -- C:\Windows\System32\drivers\1UnHooker.sys
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/05/08 22:57:22 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\edacded0_x.dat
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/05 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/20 17:48:55 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Edited by Horaldo, 20 April 2011 - 12:08 PM.



#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there - and sorry for the delay... It looks like you have thrown everything at this bar the kitchen sink...

I will start by removing what I can see, then I will ask for some old and new logs.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (YUVYOKUVMV)
    SRV - File not found [Disabled | Stopped] -- -- (XXOFFCXWV)
    SRV - File not found [Disabled | Stopped] -- -- (USBBQTOQ)
    SRV - File not found [Disabled | Stopped] -- -- (QPVDAKVQ)
    SRV - File not found [On_Demand | Stopped] -- -- (ID)
    SRV - File not found [Disabled | Stopped] -- -- (CAIQBRIUJBLKQCKU)
    SRV - File not found [Disabled | Stopped] -- -- (BLVJPHRPPC)
    DRV - [2011/04/18 18:27:05 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
    DRV - [2010/03/02 22:15:52 | 000,022,016 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\1UnHooker.sys -- (1UnHooker)
    [2010/04/16 17:24:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/16 20:46:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/17 20:30:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/04/18 18:30:22 | 000,001,646 | -HS- | M] () -- C:\Users\Chris\AppData\Local\ci256wkm68
    [2011/04/18 18:30:22 | 000,001,646 | -HS- | M] () -- C:\ProgramData\ci256wkm68
    [2011/04/18 18:27:37 | 000,001,642 | -HS- | M] () -- C:\ProgramData\3720874580
    [2011/04/16 12:06:01 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yevm.sys
    [2011/04/16 09:13:45 | 000,007,404 | -HS- | M] () -- C:\Users\Chris\AppData\Local\b513h2vulke4
    [2011/04/16 09:04:25 | 000,011,326 | -HS- | M] () -- C:\ProgramData\b513h2vulke4
    [2011/04/16 09:02:18 | 000,001,542 | -HS- | M] () -- C:\ProgramData\1199018546
    [2011/04/05 18:09:18 | 000,012,014 | -HS- | M] () -- C:\Users\Chris\AppData\Local\346lk7y0gq48207188i58cy7wbt45c5
    [2011/04/05 18:09:18 | 000,012,014 | -HS- | M] () -- C:\ProgramData\346lk7y0gq48207188i58cy7wbt45c5

    :Files
    ipconfig /flushdns /c
    C:\Users\Chris\AppData\Local\346lk7y0gq48207188i58cy7wbt45c5
    C:\ProgramData\346lk7y0gq48207188i58cy7wbt45c5

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Could you post the following old logs please: TDSSKiller, Combofix. Use as many posts as necessary.

Then I would like two new logs

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3 Horaldo (Topic Starter, Member, 43 posts)
After running the custom scans using OTL, I began receiving conhost.exe attacks from systemprofile/temp folder. I also cannot open firefox or internet explorer as firefox reads "Proxy Server Refused Connection". I removed conhost.exe using SuperAnti-Spyware, sorry but I hoped it would fix my ability to reply!

Using my phone right now so I can't post the OTL log! My MSN connects as well so I don't think it's my connection. It happened just as I was about to download gmer!

Edit: Changed firefox settings and got it to work! I will now perform Gmer scan

Edited by Horaldo, 25 April 2011 - 03:23 AM.


#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's reset the proxies and then continue.

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


And for Firefox there are instructions on this page and you want the setting to be no proxy

#5 Horaldo (Topic Starter, Member, 43 posts)
Thanks.

Sorry I'm taking so long to reply, caught me on a weekend of a stag do and a birthday!

Here is the OTL.exe. For some reason it gave me no extras.exe.

OTL logfile created on: 25/04/2011 09:28:17 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 89.46 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 09:11:21 | 000,171,008 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011/04/25 09:11:19 | 000,409,225 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\pxx.exe
PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/04/07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (lcodk)
SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62525

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62525
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/25 09:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/04/25 09:07:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [conhost] C:\Users\Chris\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - Startup: C:\Users\Carolanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
O35 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
O37 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/22 10:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2011/03/27 17:27:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/27 17:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/03/27 17:27:38 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/03/27 17:27:36 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/03/27 17:27:36 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/03/27 17:27:35 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/27 17:27:34 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/03/27 17:27:13 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/03/27 17:27:13 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/03/27 17:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/27 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/25 09:23:40 | 000,010,608 | -HS- | M] () -- C:\ProgramData\470524a813307a7x2ukkoo0l8edp751cvt80
[2011/04/25 09:19:35 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 09:19:35 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/25 09:13:41 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/25 09:13:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 09:13:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/25 09:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/25 09:13:17 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 09:13:16 | 261,441,992 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/25 09:07:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/24 22:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/24 14:45:53 | 000,012,148 | -HS- | M] () -- C:\Users\Chris\AppData\Local\257dc5kfcah0k7mbio37
[2011/04/24 14:45:53 | 000,012,148 | -HS- | M] () -- C:\ProgramData\257dc5kfcah0k7mbio37
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/19 08:28:44 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 19:17:11 | 000,001,192 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/30 18:28:40 | 000,034,935 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/03/28 19:24:35 | 000,039,936 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/25 09:11:22 | 000,010,608 | -HS- | C] () -- C:\ProgramData\470524a813307a7x2ukkoo0l8edp751cvt80
[2011/04/24 14:45:43 | 000,012,148 | -HS- | C] () -- C:\Users\Chris\AppData\Local\257dc5kfcah0k7mbio37
[2011/04/24 13:18:10 | 000,012,148 | -HS- | C] () -- C:\ProgramData\257dc5kfcah0k7mbio37
[2011/04/22 11:11:08 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/22 09:45:08 | 261,441,992 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/30 18:28:40 | 000,034,935 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/03/28 19:24:35 | 000,039,936 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps
[2011/03/27 17:27:39 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/05/08 22:57:22 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\edacded0_x.dat
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/03/20 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\FrostWire
[2008/11/22 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\LimeWire
[2010/06/16 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Template
[2010/02/18 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Trusteer
[2011/01/20 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\uTorrent
[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/05 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/25 09:11:43 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 11:25:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\inf\volsnap.inf
[2006/11/02 07:35:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2006/11/02 13:41:18 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2006/11/02 13:41:18 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2007/06/26 23:46:35 | 000,004,940 | ---- | M] () MD5=8BB59B2576993A142AF85BAC5D9995F7 -- C:\Windows\inf\volsnap.PNF
[2007/06/26 23:46:35 | 000,004,940 | ---- | M] () MD5=F86E905420A12D5AAE107DBBC25E6A18 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2007/10/26 05:22:53 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2007/10/26 12:14:11 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2007/10/26 12:14:11 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 08:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 08:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/19 08:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2008/01/19 08:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2006/11/02 13:41:23 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/24 21:58:44 | 000,509,512 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/24 21:58:44 | 000,509,512 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/24 21:58:44 | 000,509,512 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/04/25 09:11:19 | 000,409,225 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/25 09:11:19 | 000,409,225 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/16 15:25:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/16 15:25:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/16 15:25:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/16 15:26:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



For some reason, the two times I've tried to run the GMER scan (I've had to do so without Devices ticked, as it crashes), my memory usage shoots up to 95%, so I'm unable to copy the log to a report. I've tried this in both normal and safe mode; I couldn't even get Task Manager to open in safe mode due to "insufficient resources".

Sorry, I just seem to have nothing but problems today! Haha.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try to ease some of the problems. On completion of the OTL fix, could you update and run MBAM, posting the resultant log?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/04/25 09:11:21 | 000,171,008 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe
    PRC - [2011/04/25 09:11:19 | 000,409,225 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\pxx.exe
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
    IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62525
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 62525
    FF - prefs.js..network.proxy.type: 1
    O4 - HKLM..\Run: [conhost] C:\Users\Chris\AppData\Roaming\Microsoft\conhost.exe ()
    O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
    O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
    [2011/04/25 09:23:40 | 000,010,608 | -HS- | M] () -- C:\ProgramData\470524a813307a7x2ukkoo0l8edp751cvt80
    [2011/04/24 14:45:53 | 000,012,148 | -HS- | M] () -- C:\Users\Chris\AppData\Local\257dc5kfcah0k7mbio37
    [2011/04/24 14:45:53 | 000,012,148 | -HS- | M] () -- C:\ProgramData\257dc5kfcah0k7mbio37
    [2009/05/08 22:57:22 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\edacded0_x.dat

    :Files
    ipconfig /flushdns /c
    C:\ProgramData\470524a813307a7x2ukkoo0l8edp751cvt80
    C:\Users\Chris\AppData\Local\257dc5kfcah0k7mbio37
    C:\ProgramData\257dc5kfcah0k7mbio37

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

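Read as a defender, the entries in the fix above are a recognisable cluster in an OTL log: the `.exe` open handler (O35/O37) rewritten so every program launch is routed through `pxx.exe`, the IE and Firefox proxy settings pointed at a listener on the local machine (`127.0.0.1:<port>`), a `conhost.exe` Run entry living under a user profile rather than `System32`, and a boot-start driver with no company name and a random file name. The Python script below is an added example and is not part of this thread, of OTL, or of the tools it names: it runs those heuristics over a few constructed sample lines copied from the logs in this thread (plus clean lines from the same logs for contrast). The rule names, the list of system binary names, and the "no company name plus AppData path" threshold are my own assumptions, and the parsing assumes OTL's `TAG - [date | size | attrs | M] (Company) -- path` line layout as it appears above.

```python
import re

# Constructed sample input: OTL lines copied from the fix script and the logs in this
# thread, interleaved with a few clean lines from the same logs for contrast.
SAMPLE_LOG = r"""
PRC - [2011/04/25 09:11:19 | 000,409,225 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\pxx.exe
PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1
O4 - HKLM..\Run: [conhost] C:\Users\Chris\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "%1" %* ()
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
DRV - [2011/04/26 00:25:12 | 000,054,016 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\obmwfji.sys -- (fwbylxuw)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
"""

# Windows' own default open handler for .exe/.com; anything else means launches are hooked.
DEFAULT_HANDLER = '"%1" %*'
# Names that belong in System32; the same name elsewhere is a masquerade (assumed list).
SYSTEM_BINARY_NAMES = {"conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                       "winlogon.exe", "explorer.exe", "userinit.exe"}
SYSTEM32 = "c:\\windows\\system32"


def _company(line):
    """Company name OTL prints in parentheses after the attribute block ('' if none)."""
    m = re.search(r"\] \((.*?)\) ", line)
    return m.group(1) if m else None


def _target(line):
    """Text after the first ' -- ' (a path or command), up to any second ' -- '."""
    parts = line.split(" -- ", 1)
    return parts[1].split(" -- ")[0].strip() if len(parts) > 1 else ""


def findings_for(line):
    """Apply every heuristic to one OTL line; returns a list of (rule, detail)."""
    out = []
    tag = line.split(" - ", 1)[0]
    if tag in ("O35", "O37"):                            # .exe/.com file association
        cmd = _target(line)
        if cmd.endswith("()"):                            # OTL appends "()" when no company
            cmd = cmd[:-2].strip()
        if cmd != DEFAULT_HANDLER:
            out.append(("exefile_handler_hijack", cmd))
    elif tag == "IE" and '"ProxyServer"' in line:        # IE proxy aimed at the local host
        value = line.split(" = ", 1)[1].strip()
        if re.search(r"127\.0\.0\.1|localhost", value):
            out.append(("loopback_proxy", value))
    elif tag == "FF" and "network.proxy.http:" in line:  # same check for Firefox prefs.js
        value = line.split(": ", 1)[1].strip().strip('"')
        if value in ("127.0.0.1", "localhost"):
            out.append(("loopback_proxy", value))
    elif tag == "O4":                                     # Run key: system name outside System32
        m = re.match(r"O4 - .*?: \[(.*?)\] (.*?)\s*\((.*)\)$", line)
        if m:
            path = m.group(2)
            folder, _, name = path.lower().rpartition("\\")
            if name in SYSTEM_BINARY_NAMES and folder != SYSTEM32:
                out.append(("system_name_masquerade", path))
    elif tag in ("PRC", "DRV"):
        company, path = _company(line), _target(line)
        hidden = "| -HS- |" in line                       # hidden + system attributes set
        if tag == "PRC" and company == "" and ("\\appdata\\" in path.lower() or hidden):
            out.append(("anonymous_process_in_appdata", path))
        if tag == "DRV" and company == "" and "| Boot |" in line:
            out.append(("anonymous_boot_driver", path))
    return out


def scan(log_text):
    """Run the heuristics over a whole log; returns [(line_no, rule, detail), ...]."""
    results = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        for rule, detail in findings_for(line):
            results.append((n, rule, detail))
    return results


if __name__ == "__main__":
    for n, rule, detail in scan(SAMPLE_LOG):
        print(f"line {n:2d}  {rule:30s} {detail}")
```

Run as-is it reports six findings on the sample (one process, two proxy entries, one Run-key masquerade, one handler hijack, one driver) and stays silent on the Firefox, avast! and default-handler lines. To triage a fresh log, pass its text to `scan()`. The `O4` regex assumes the target path has no parentheses of its own, so a `Program Files (x86)` path would need a tighter pattern; treat these rules as a first pass that points a human at the lines worth reading, not as a verdict.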

#7
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
Thanks,

Please find the OTL log below and the MBAM log attached.

OTL logfile created on: 26/04/2011 17:38:08 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 89.39 Gb Free Space | 30.69% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/04/07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (lcodk)
SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/26 00:25:12 | 000,054,016 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\obmwfji.sys -- (fwbylxuw)
DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/25 22:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

Hosts file not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/22 10:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/26 17:35:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 17:35:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 17:35:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/26 17:34:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/26 17:34:54 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 17:34:53 | 290,580,440 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 00:25:12 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\obmwfji.sys
[2011/04/26 00:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 22:50:14 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 22:50:14 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 09:54:22 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/19 08:28:44 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/30 18:28:40 | 000,034,935 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/03/28 19:24:35 | 000,039,936 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/26 00:25:12 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\obmwfji.sys
[2011/04/25 22:16:31 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/25 10:21:10 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:54:22 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 290,580,440 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/30 18:28:40 | 000,034,935 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/03/28 19:24:35 | 000,039,936 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/05 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/26 00:25:25 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26/04/2011 00:24:04
mbam-log-2011-04-26 (00-23-57).txt

Scan type: Full scan (C:\|F:\|G:\|H:\|I:\|S:\|)
Objects scanned: 399858
Time elapsed: 1 hour(s), 39 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "iexplore.exe) Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\24\56e86f58-676258a5 (Trojan.FakeAlert) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41\602e1469-7614eaa0 (Spyware.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\46\64b4d32e-2247edbc (Spyware.Agent) -> No action taken.
c:\_OTL\movedfiles\04252011_224031\c_windows\System32\config\systemprofile\AppData\Local\pxx.exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.


#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, the log says no action taken for MBAM - could you re-run it and allow it to delete all that it finds?

Once done, what problems are you having?

#9
Horaldo

Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
All the same. I've run and deleted many trojans etc. before using MBAM and SuperAntiSpyware. The problem is that they keep coming back under different names, I believe. Maybe the removal process is being hindered since I cannot reboot or shut down properly?

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's take them out manually then :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (lcodk)
    DRV - [2011/04/26 00:25:12 | 000,054,016 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\obmwfji.sys -- (fwbylxuw)
    [2011/04/26 00:25:12 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\obmwfji.sys

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
    ""="C:\Program Files\Mozilla Firefox\firefox.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
    ""="C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    ""="C:\Program Files\Internet Explorer\iexplore.exe"

    :Files
    ipconfig /flushdns /c
    c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\24\56e86f58-676258a5
    c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41\602e1469-7614eaa0
    c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\46\64b4d32e-2247edbc
    c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe


    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

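The point raised in #8 is that every MBAM entry reads "No action taken", and the fix in #10 then restores the two hijacked StartMenuInternet commands by hand. As an added example (not code from this thread, from OTL or from Malwarebytes), here is a small Python parser for that MBAM 1.x report format: it lists findings that were reported but not removed and pulls out the executable wedged in front of the real browser in each hijacked launcher. The report it parses is a constructed, trimmed copy of the one posted above; the "Quarantined" line is made up to show the contrast.

```python
"""Parse a Malwarebytes' Anti-Malware (MBAM 1.x) text report and flag what
was detected but not removed.  Added example, not part of the thread or of
Malwarebytes' tooling.  SAMPLE_LOG is a constructed, trimmed copy of the
shape of the report posted in the thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6443

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pxx.exe" -a "iexplore.exe) Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\pxx.exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    section: str                # e.g. "Registry Data Items Infected"
    path: str                   # registry value or file path
    family: str                 # detection name, e.g. Trojan.FakeAlert
    action: str                 # e.g. "No action taken"
    bad: Optional[str] = None   # offending data, registry data items only
    good: Optional[str] = None  # value MBAM would restore


# "Bad: (...) Good: (...)" segment of a registry data item line.  The
# greedy group copes with the unbalanced quote MBAM printed for the IE entry.
_BAD_GOOD = re.compile(r'^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$')
_FIRST_QUOTED = re.compile(r'"([^"]+)"')


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the report section by section and return one Finding per item."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):      # section header, not a count line
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        if " -> " not in line:
            continue                        # banner / summary text
        parts = line.split(" -> ")
        head, action = parts[0], parts[-1].rstrip(".")
        path, _, family = head.rpartition(" (")   # last "(...)" is the family
        family = family.rstrip(")")
        bad = good = None
        if len(parts) == 3:                 # registry data item with Bad/Good
            m = _BAD_GOOD.match(parts[1])
            if m:
                bad, good = m.group("bad"), m.group("good")
        findings.append(Finding(section, path, family, action, bad, good))
    return findings


def not_removed(findings: List[Finding]) -> List[Finding]:
    """Items MBAM only reported, i.e. the scan ran without removal."""
    return [f for f in findings if f.action.startswith("No action taken")]


def hijacked_launchers(findings: List[Finding]) -> Dict[str, str]:
    """Map each hijacked StartMenuInternet command to the executable that was
    inserted in front of the browser (first quoted token of the Bad value)."""
    out: Dict[str, str] = {}
    for f in findings:
        if f.family == "Hijack.StartMenuInternet" and f.bad:
            m = _FIRST_QUOTED.search(f.bad)
            if m:
                out[f.path] = m.group(1)
    return out


def summarize(text: str) -> Dict[str, int]:
    findings = parse_mbam_log(text)
    return {
        "findings": len(findings),
        "not_removed": len(not_removed(findings)),
        "launcher_hijacks": len(hijacked_launchers(findings)),
    }


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in not_removed(found):
        print(f"still present [{f.section}] {f.family}: {f.path}")
    for key, exe in hijacked_launchers(found).items():
        print(f"launcher hijack: {key} -> {exe}")
```

Run it against a saved mbam-log-*.txt to see at a glance whether a posted report reflects a removal run or only a scan.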


#11
Horaldo

Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thanks, please find below.

OTL logfile created on: 27/04/2011 21:35:53 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 90.67 Gb Free Space | 31.13% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/04/07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/10 17:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/27 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/04/27 21:31:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/22 10:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/27 21:33:30 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 21:33:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 21:33:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 21:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 21:33:05 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 21:33:04 | 253,188,552 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/27 21:31:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/27 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 19:31:54 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 19:31:54 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 09:54:22 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/19 08:28:44 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/30 18:28:40 | 000,034,935 | ---- | M] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 22:16:31 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/25 10:21:10 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:54:22 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 253,188,552 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/30 18:28:40 | 000,034,935 | ---- | C] () -- C:\Users\Chris\Documents\C & B 4th Draft.wps.rtf
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/05 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/27 21:31:49 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now update and run a quick scan with MBAM, please?
  • 0

#13
Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here we go.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6459

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27/04/2011 22:01:18
mbam-log-2011-04-27 (22-01-18).txt

Scan type: Quick scan
Objects scanned: 164230
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what the current problems are that we still need to resolve?
  • 0

#15
Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
The same problems I began with: Windows updates won't install and I can't visit the Windows Update website. TDSSKiller.exe won't run, and I blue screen every time I go to shut down or reboot. Internet Explorer also opens "duds"; however, I don't seem to get this problem with Firefox (which I'm using right now).
  • 0
