Unfound Rootkit - still problems


  • This topic is locked

#31
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
This is the newest version of the TDL bootkit and we are still feeling our way around it - so let's ensure that Windows files are OK

From safe mode

Go to start > All Programs > Accessories
Right Click Command Prompt and select run as administrator
When the prompt opens, type the following bolded text and press Enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Then could you run me a fresh OTL scan and let me know what problems are outstanding
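Checking the result of the sfc /scannow step above: SFC writes a line tagged [SR] for every file it verifies or repairs into %windir%\Logs\CBS\CBS.log, alongside a great deal of unrelated servicing output. The Python script below is an added example, not part of this thread; it reduces that log (or a findstr /c:"[SR]" extract of it) to which files were repaired, which could not be, and whether the run finished, with an optional date filter because CBS.log keeps every past run. The sample log lines, file names and version numbers in it are constructed.

```python
r"""Pull the SFC ("[SR]") results out of a CBS.log.

Added example, not from the thread. sfc /scannow logs one "[SR]" line per
action into %windir%\Logs\CBS\CBS.log, buried in a much larger servicing
log. On the affected machine the usual first step is
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt"
and this script turns either file into a short answer. CBS_SAMPLE is a
constructed fragment shaped like real CBS.log lines so it runs offline.
"""
import re
import sys
from pathlib import Path

# Constructed sample: one unrepairable file, one repaired file, one non-SFC line.
CBS_SAMPLE = r"""
2011-04-29 22:05:11, Info                  CSI    00000102 [SR] Verifying 100 (0x0000000000000064) components
2011-04-29 22:05:40, Info                  CSI    00000103 [SR] Cannot repair member file [l:22{11}]"wininet.dll" of Microsoft-Windows-WinINet, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-04-29 22:05:41, Info                  CSI    00000104 [SR] Verify complete
2011-04-29 22:05:41, Info                  CSI    00000105 [SR] Beginning Verify and Repair transaction
2011-04-29 22:05:42, Info                  CSI    00000106 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"shell32.dll" from store
2011-04-29 22:05:43, Info                  CSI    00000107 [SR] Repair complete
2011-04-29 22:06:00, Info                  CBS    Exec: Processing complete.
"""

# Every SFC line starts with a timestamp and carries the [SR] tag.
SR_ENTRY = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}, .*?\[SR\] (?P<msg>.*)$")
# File names are quoted after a [l:<bytes>{<chars>}] length prefix.
CANNOT_REPAIR = re.compile(r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')
REPAIRING = re.compile(r'^Repairing corrupted file .*\[l:\d+\{\d+\}\]"(?P<name>[^"]+)" from store')


def _add_unique(items, name):
    if name not in items:
        items.append(name)


def summarise_cbs_log(text, since=None):
    """Summarise the [SR] lines in `text` (a CBS.log or a findstr extract).

    `since` is an ISO date ("YYYY-MM-DD"); earlier entries are ignored,
    which matters because CBS.log accumulates every SFC run ever made.
    Returns the unrepaired and repaired file names (first-seen order,
    de-duplicated), the [SR] line count, and whether both phases finished.
    """
    result = {"sr_lines": 0, "unrepaired": [], "repaired": [],
              "verify_complete": False, "repair_complete": False}
    for raw in text.splitlines():
        m = SR_ENTRY.match(raw)
        if not m:
            continue  # servicing noise, not an SFC line
        if since is not None and m.group("date") < since:
            continue  # from an older run
        result["sr_lines"] += 1
        msg = m.group("msg")
        cannot = CANNOT_REPAIR.match(msg)
        repairing = REPAIRING.match(msg)
        if cannot:
            _add_unique(result["unrepaired"], cannot.group("name"))
        elif repairing:
            _add_unique(result["repaired"], repairing.group("name"))
        elif msg.startswith("Verify complete"):
            result["verify_complete"] = True
        elif msg.startswith("Repair complete"):
            result["repair_complete"] = True
    return result


def verdict(summary):
    """One-line reading of the summary, in the terms a helper would use."""
    if summary["sr_lines"] == 0:
        return "no SFC entries found (wrong file, or filtered out by 'since')"
    if not summary["verify_complete"]:
        return "SFC did not finish verifying; re-run it"
    if summary["unrepaired"]:
        return "SFC could not repair: " + ", ".join(summary["unrepaired"])
    return "all protected files verified or repaired"


def main(argv):
    # Usage: cbs_summary.py [CBS.log or sfcdetails.txt] [YYYY-MM-DD]
    if len(argv) > 1:
        text = Path(argv[1]).read_text(encoding="utf-8", errors="replace")
    else:
        text = CBS_SAMPLE
    summary = summarise_cbs_log(text, since=argv[2] if len(argv) > 2 else None)
    print(f"[SR] lines: {summary['sr_lines']}")
    print(f"repaired:   {summary['repaired']}")
    print(f"unrepaired: {summary['unrepaired']}")
    print(verdict(summary))


if __name__ == "__main__":
    main(sys.argv)
```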

#32
Horaldo (Topic Starter, Member, 43 posts)
The command prompt scan found some corrupted files but was unable to fix them.

It said it created a report in the Windows/Logs/CBS folder called CBS.log. I can post it if you wish, it looks big though!

I've attached a new OTL log.

OTL logfile created on: 29/04/2011 22:40:37 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 91.70 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 08:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

Hosts file not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/29 08:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/29 08:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/04/28 18:02:42 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/22 10:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 22:39:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/29 22:39:42 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/04/29 22:37:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 22:09:35 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/29 22:09:35 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 21:26:54 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 19:31:02 | 238,836,168 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 18:04:28 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:02:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 09:54:22 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 21:10:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/29 08:11:07 | 000,001,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/28 18:04:28 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:03:42 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:54:22 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 238,836,168 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/29 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/29 09:17:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/29 21:06:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Attached Files

  • Attached File  OTL.Txt   79.32KB   119 downloads

  • 0
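The checks a rootkit-removal helper runs over a report like the ones posted in this thread, written as an added example for this page (it is not part of the thread and not OTL's own code): it parses OTL-style lines and flags the items worth a second look, a loopback proxy set under the .DEFAULT and S-1-5-18 (SYSTEM) hives, a service whose binary is gone, a boot-start driver with a blank publisher field, a missing hosts file, UAC switched off, Security Center warnings hidden, and alternate data streams on C:\ProgramData\TEMP. The sample lines are constructed from the format of the reports in this thread, and the line patterns assume OTL 3.2.22.x output as it appears here.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator name, detail)

# Constructed sample in OTL's report format, modelled on the lines posted in
# this thread. It is not the full report; it only lets the script run offline.
SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Hosts file not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
"""

# Line patterns for OTL 3.2.22.x output as it appears in this thread (assumption).
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<val>.+)$')
MISSING_SVC_RE = re.compile(
    r'^SRV - File not found \[(?P<start>[^|]+)\|[^\]]*\] -- -- \((?P<name>[^)]+)\)$')
ANON_BOOT_DRV_RE = re.compile(
    r'^DRV - \[[^\]]*\] \(\) \[Kernel \| Boot \|[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')


def _is_loopback(proxy_value: str) -> bool:
    """True if any entry ('host:port' or 'proto=host:port;...') points at the local machine."""
    for entry in proxy_value.split(';'):
        hostport = entry.split('=')[-1].strip()
        host = hostport.rsplit(':', 1)[0].strip('[]')
        if host == 'localhost' or host.startswith('127.'):
            return True
    return False


def find_loopback_proxies(report: str) -> List[Tuple[str, str]]:
    """(hive, ProxyServer) for every hive with ProxyEnable=1 and a loopback proxy.

    ProxyEnable and ProxyServer sit on separate lines, so they are correlated per hive.
    A loopback proxy under .DEFAULT / S-1-5-18 (the SYSTEM account) is a classic sign of
    malware inserting itself into browser traffic; legitimate software rarely does this.
    """
    per_hive: Dict[str, Dict[str, str]] = {}
    for line in report.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            per_hive.setdefault(m['hive'], {})[m['key']] = m['val'].strip()
    hits = []
    for hive, keys in per_hive.items():
        if keys.get('ProxyEnable') == '1' and _is_loopback(keys.get('ProxyServer', '')):
            hits.append((hive, keys['ProxyServer']))
    return hits


def triage(report: str) -> List[Finding]:
    """Walk an OTL report and return the indicators a removal helper checks first."""
    findings: List[Finding] = [('loopback-proxy', f'{hive}: {proxy}')
                               for hive, proxy in find_loopback_proxies(report)]
    for raw in report.splitlines():
        line = raw.strip()
        m = MISSING_SVC_RE.match(line)
        if m:  # service still registered but its binary is gone: leftover of a removed component
            findings.append(('missing-service-binary', f"{m['name']} ({m['start'].strip()})"))
            continue
        m = ANON_BOOT_DRV_RE.match(line)
        if m:  # boot-start kernel driver with an empty company field: verify by hand
            findings.append(('boot-driver-no-publisher', m['path']))
            continue
        m = ADS_RE.match(line)
        if m:  # NTFS alternate data stream: a common hidden payload store, inspect its contents
            findings.append(('alternate-data-stream', f"{m['target']} ({m['size']} bytes)"))
            continue
        if line == 'Hosts file not found':
            findings.append(('hosts-file-missing', line))
        elif line.endswith('EnableLUA = 0'):      # UAC switched off
            findings.append(('uac-disabled', line))
        elif line.endswith('HideSCAHealth = 1'):  # Security Center warnings suppressed
            findings.append(('security-center-alerts-hidden', line))
    return findings


if __name__ == '__main__':
    for name, detail in triage(SAMPLE_OTL):
        print(f'{name:32} {detail}')
```

Every hit still needs a human look: sptd.sys, for instance, is the disc-emulation driver layer used by DAEMON Tools (which appears in the LOP check above) and is flagged only because its company field is blank, whereas the loopback proxy under the SYSTEM hives has no benign explanation on a home machine and is the setting to clear once the infection itself is gone, otherwise the browser keeps routing through a port nothing listens on.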

#33
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I think I see it

Your virtual memory is set too low

Click Start, point to Settings, click Control Panel, and then double-click System.
Click Virtual Memory, set the "Initial Size" and the "Maximum Size" values for the paging file to 0 (zero), and then restart your computer.
Click Start, point to Settings, click Control Panel, and then double-click System.
Click Virtual Memory, reset the "Initial Size" and the "Maximum Size" values to the recommended values for Windows NT, and then restart your computer.



  • 0

#34
Horaldo

Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
So I'm to set them to what is recommended at the bottom?

Minimum allowed: 18 MB
Recommended: 3067 MB
Currently: 256 MB

I have already changed both of them to zero before the reboot, however it still has Currently as 256 MB, hope that's okay!

Edit: I tried putting them both to 3067 and hit "Set". It seemed to work at the time, but upon reboot it had reverted back to 256 MB!

Edited by Horaldo, 30 April 2011 - 03:11 AM.

  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you have all the tabs open, ensure that you have selected "System managed size", then ensure that you Apply or OK your way out of all the tabs


  • 0

#36
Horaldo

Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hmm, no idea why, but the change is made fine, yet as soon as I reboot back into normal mode I blue screen. I've tried making the change and then rebooting into safe mode, but it's just reverted back to 256 MB.

Before I reboot, I can see the size has been changed to 3000 though.
  • 0

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And you pressed the Set button and OK'd your way out of all dialogues?
  • 0

#38
Horaldo

Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Yes, I'm sure.

If I OK all the way out, I can go back in and it's what I've set it to. It's only with the reboot that there is a change.

Attached Thumbnails

  • Untitled.jpg

  • 0

#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL for me please - so that I can look at the reboot sequence (run once keys)
  • 0

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Also, could you set a tick in the small box at the top entitled "Automatically manage page file size..." then OK out and see if that sets it

Also, are you running from the administrator logon?
  • 0

#41
Horaldo

Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thanks for all your help so far. Never knew I'd got in this much of a mess!

Here is the log

OTL logfile created on: 30/04/2011 11:51:11 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 91.89 Gb Free Space | 31.55% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

Hosts file not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - Startup: C:\Users\Carolanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/29 08:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/29 08:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/04/28 18:02:42 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/22 10:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 11:36:53 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/30 11:28:59 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 11:28:59 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 11:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 11:23:56 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/04/30 11:18:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 19:31:02 | 238,836,168 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 18:04:28 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:02:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 09:54:22 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 21:10:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/29 08:11:07 | 000,001,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/28 18:04:28 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:03:42 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:54:22 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 238,836,168 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/03/20 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\FrostWire
[2008/11/22 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\LimeWire
[2010/06/16 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Template
[2010/02/18 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Trusteer
[2011/01/20 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\uTorrent
[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/29 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/29 09:17:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/29 21:06:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#42
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, this is still showing that it is not working properly: temppf.sys

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Reboot to safe mode and select repair my computer
Select startup repair
Once done reboot and let me know the outcome
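The fix script above removes two things that are visible in the posted log: the IE ProxyServer entries pointing at 127.0.0.1:58202 under HKU\.DEFAULT and HKU\S-1-5-18, and the hidden/system temppf.sys in System32 that the moderator called out. As an added example (not from this thread, and not part of OTL), the Python below parses the OTL line formats used in these logs and lists exactly those two kinds of indicator from a constructed sample. It assumes %SystemRoot% is C:\Windows, as this log reports, and the corporate-proxy line and its SID in the sample are made up.

```python
"""Pick out of an OTL log the two indicators the moderator acted on in this thread."""
import re
from dataclasses import dataclass

# Constructed sample in the line formats OTL uses in this thread's logs; the
# proxy.corp.example entry and its SID are made up to show a non-loopback
# value being ignored.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
[2011/04/30 11:23:56 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/04/30 11:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
"""

# "IE - HKU\<hive>\...\Internet Settings: "ProxyServer" = <value>"
PROXY_RE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\.*Internet Settings: "ProxyServer" = (?P<value>\S+)\s*$')
# "[<timestamp> | <size> | <attrs> | C|M] (<company>) -- <path>"  (company part optional)
FILE_RE = re.compile(
    r'^\[(?P<ts>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] '
    r'(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$')

# %SystemRoot% is C:\Windows in this log (assumption carried into the file check).
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Finding:
    kind: str    # "loopback_proxy" or "hidden_system_file"
    where: str   # registry hive (e.g. ".DEFAULT") or file path
    detail: str  # raw proxy value, or size and attributes, for the report


def proxy_hosts(value):
    """Split an IE ProxyServer value ('host:port' or 'http=h:p;https=h:p') into hosts."""
    hosts = []
    for entry in value.split(";"):
        target = entry.split("=", 1)[-1]                       # drop an 'http=' style prefix
        host = target.rsplit(":", 1)[0] if ":" in target else target
        hosts.append(host.strip().lower())
    return hosts


def is_loopback(host):
    return host == "localhost" or host.startswith("127.")


def scan_otl_log(text):
    """Return Findings for loopback IE proxies and hidden+system files under the system root."""
    findings = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            # A proxy on 127.0.0.1 under .DEFAULT or S-1-5-18 (SYSTEM) is what the
            # fix script in this thread removes; no interactive user configures those hives.
            if any(is_loopback(h) for h in proxy_hosts(m["value"])):
                findings.append(Finding("loopback_proxy", m["hive"], m["value"]))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        # temppf.sys in the thread: hidden + system, 256 MB, no company name, in System32.
        if ("H" in attrs and "S" in attrs and "D" not in attrs
                and path.lower().startswith(SYSTEM_ROOT) and not m["company"]):
            size = int(m["size"].replace(",", ""))
            findings.append(Finding("hidden_system_file", path, f"{size} bytes, attrs {attrs}"))
    return findings


if __name__ == "__main__":
    for f in scan_otl_log(SAMPLE_LOG):
        print(f"{f.kind:20} {f.where}  ({f.detail})")
```

A loopback proxy entry is also written by some legitimate local web-filtering software, so treat a hit as a lead to check against the installed programs list rather than as a verdict.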

#43
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
The startup repair found no problems.

Here is the OTL log

OTL logfile created on: 30/04/2011 12:26:29 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 91.97 Gb Free Space | 31.58% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/04/30 12:14:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - Startup: C:\Users\Carolanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/29 08:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/29 08:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/04/28 18:02:42 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/22 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/22 10:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:22:25 | 000,000,000 | ---D | C] -- C:\blah123
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 12:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 12:22:52 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/04/30 12:14:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/30 11:36:53 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/30 11:28:59 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 11:28:59 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 11:18:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 19:31:02 | 238,836,168 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 18:04:28 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:02:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 09:54:22 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:19:45 | 216,035,328 | ---- | M] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 17:39:33 | 004,323,312 | R--- | M] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 21:10:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/29 08:11:07 | 000,001,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/28 18:04:28 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:03:42 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:54:22 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 238,836,168 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:12:55 | 216,035,328 | ---- | C] () -- C:\Users\Chris\Desktop\kav_rescue_10.iso
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 17:39:33 | 004,323,312 | R--- | C] () -- C:\Users\Chris\Desktop\blah123.com
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/03/20 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\FrostWire
[2008/11/22 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\LimeWire
[2010/06/16 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Template
[2010/02/18 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Trusteer
[2011/01/20 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\uTorrent
[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/29 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/29 09:17:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/29 21:06:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#44
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's look deeper.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#45
Horaldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Please find log attached.

ComboFix 11-04-29.03 - Chris 30/04/2011 12:54:25.5.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1631 [GMT 1:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2072-07-31 16:44 . 2004-08-24 13:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
2011-04-30 12:01 . 2011-04-30 12:01 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-04-30 12:01 . 2011-04-30 12:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-04-30 12:01 . 2011-04-30 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 12:01 . 2011-04-30 12:01 -------- d-----w- c:\users\Carolanne\AppData\Local\temp
2011-04-29 10:32 . 2011-04-29 18:20 -------- d-----w- c:\users\Chris\AppData\Roaming\ImgBurn
2011-04-29 07:11 . 2011-04-29 07:11 -------- d-----w- c:\program files\ImgBurn
2011-04-25 08:07 . 2011-04-25 08:07 -------- d-----w- C:\_OTL
2011-04-21 18:22 . 2011-04-21 18:22 0 ---ha-w- c:\users\Chris\AppData\Local\BIT61CE.tmp
2011-04-19 19:02 . 2011-04-19 19:02 0 ---ha-w- c:\users\Chris\AppData\Local\BIT86BC.tmp
2011-04-18 18:14 . 2011-04-18 18:14 100480 ----a-w- C:\fwtoqpod.sys
2011-04-18 17:16 . 2011-04-08 05:14 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-18 17:16 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-18 17:16 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-18 17:16 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-18 17:16 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-18 17:16 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-18 17:16 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-18 17:16 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-18 17:16 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-18 17:16 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-18 17:16 . 2011-04-08 05:14 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-17 21:22 . 2011-04-17 21:28 -------- d-----w- C:\blah123
2011-04-17 21:02 . 2011-04-18 16:51 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-17 19:56 . 2011-04-17 19:56 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2011-04-17 18:58 . 2011-04-17 18:58 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-17 18:49 . 2011-04-17 18:49 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-04-17 17:41 . 2011-04-17 17:41 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-17 17:41 . 2011-04-17 17:41 -------- d-----w- c:\program files\Trend Micro
2011-04-17 17:33 . 2011-04-17 17:33 -------- d-----w- c:\users\Chris\AppData\Local\Deployment
2011-04-17 17:19 . 2011-04-17 17:19 -------- d-----w- c:\programdata\Sunbelt
2011-04-17 17:02 . 2011-04-17 17:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-17 16:57 . 2011-04-18 18:24 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-17 16:57 . 2011-04-17 17:02 -------- d-----w- c:\programdata\Hitman Pro
2011-04-17 15:02 . 2011-04-17 15:02 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2011-04-17 15:02 . 2011-04-17 15:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-17 15:02 . 2011-04-22 08:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 14:25 . 2011-04-16 14:25 466432 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2011-04-16 11:23 . 2011-04-16 11:23 -------- d-----w- c:\program files\ESET
2011-04-16 08:30 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86678B9B-CC10-4108-ADF4-258B07F051ED}\mpengine.dll
2011-04-09 09:23 . 2011-04-09 09:23 -------- d-----w- c:\users\Chris\AppData\Roaming\DivX
2011-04-07 21:45 . 2011-04-07 21:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:45 . 2011-04-07 21:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:45 . 2011-04-07 21:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:44 . 2011-04-07 21:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:44 . 2011-04-07 21:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-05 19:00 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 19:00 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-05 18:38 . 2011-04-05 18:38 -------- d-----w- c:\program files\CCleaner
2011-04-05 18:04 . 2011-04-05 18:04 -------- d-----w- c:\users\Chris\AppData\Local\Threat Expert
2011-04-05 17:42 . 2011-04-05 18:12 -------- d-----w- c:\program files\PC Tools Security
2011-04-05 17:42 . 2011-04-05 18:12 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-05 17:29 . 2011-04-05 17:29 -------- d-----w- c:\users\Chris\AppData\Local\Apps(32)
2011-04-05 17:19 . 2011-04-05 17:19 -------- d-----w- c:\users\Chris\AppData\Local\Temp(39)
2011-04-05 17:19 . 2011-04-05 17:19 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
2011-04-05 17:13 . 2011-04-05 17:13 -------- d-----w- c:\users\Chris\AppData\Local\Google
2011-04-04 23:03 . 2011-04-04 23:03 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-04-04 22:56 . 2011-04-05 17:19 -------- d-----w- c:\users\Chris\AppData\Roaming\Adobe(41)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 21:32 . 2010-11-17 18:24 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-04-29 21:32 . 2006-11-02 12:41 3584 ----a-w- c:\windows\system32\drivers\en-US\scsiport.sys.mui
2011-04-29 21:32 . 2006-11-02 12:41 4096 ----a-w- c:\windows\system32\drivers\en-US\modem.sys.mui
2011-04-29 21:32 . 2006-11-02 12:41 8704 ----a-w- c:\windows\system32\drivers\en-US\afd.sys.mui
2011-04-08 05:14 . 2011-04-18 17:16 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2007-11-13 21:21 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 14:04 . 2011-03-27 16:27 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2011-03-27 16:27 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2011-03-27 16:27 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 13:56 . 2011-03-27 16:27 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2011-03-27 16:27 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2011-03-27 16:27 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2011-03-27 16:27 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2011-03-27 16:27 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 14:13 . 2011-03-27 15:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-27 15:50 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-27 15:50 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-07 20:56 . 2011-02-07 20:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-02-07 20:56 . 2011-02-07 20:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-02-02 18:11 . 2009-10-02 16:25 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\users\Carolanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2291423683-1319649724-4169294494-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AMService;AMService;c:\windows\TEMP\mslm\setup.exe run [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 136176]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\MU\GameGuard\dump_wmimmc.sys [x]
R3 FXDrv32;FXDrv32;I:\FXDrv32.sys [x]
R3 gsplittm;gsplittm;c:\users\Chris\AppData\Local\Temp\gsplittm.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2008-02-22 28672]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-05-03 2711854]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-05-14 717296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 19:55]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 19:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
IE: &Save Flash In This Page by Flash Saver
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Veoh Browser Plug-in: [email protected] - c:\program files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 13:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet011\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-30 13:04:56
ComboFix-quarantined-files.txt 2011-04-30 12:04
ComboFix2.txt 2011-04-22 10:07
ComboFix3.txt 2011-04-19 21:22
ComboFix4.txt 2011-04-17 22:20
.
Pre-Run: 97,756,176,384 bytes free
Post-Run: 97,705,218,048 bytes free
.
- - End Of File - - 8154CE3C827005298A95EF104E5867C1
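
Reading a ComboFix log by eye is the job the helpers here do, and the entries they pick out first are usually the ones whose image path or location is odd rather than the ones whose names merely look unfamiliar. The script below is an added example written for this page; it is not part of ComboFix, OTL or the original post. It parses the three line formats in the log above (the Files Created list, the policy values under Reg Loading Points, and the R*/S* service and driver list) and returns the lines that match a few triage rules: a service whose image sits in a temp directory, a .sys registered from or written to a drive root, an installer-named image (setup.exe) registered as a service, and UAC switched off (EnableLUA=0). The rules and their wording are mine; the sample lines are copied from the log in this thread. A hit is a reason to look at the file, not a finding.

```python
"""Triage heuristics for ComboFix-style log lines.

Added example for this thread; it is not part of ComboFix or of the original
post. It walks lines in the three formats seen in the log above (Files Created,
Reg Loading Points policy values, and the R*/S* service and driver list) and
returns the ones a helper would normally want to inspect by hand. A hit is a
reason to look, not a verdict: confirm with the file's hash, signature and
vendor before touching anything.
"""
import re

# "R2 AMService;AMService;c:\windows\TEMP\mslm\setup.exe run [x]"
#  start type ; service name ; display name ; image (+args) [date size | x]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# Split "image args" at the first executable-looking extension.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|des))(?:\s+(.*))?$", re.I)
# "2011-04-18 18:14 . 2011-04-18 18:14 100480 ----a-w- C:\fwtoqpod.sys"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+(\S+)\s+(.+)$"
)
# '"EnableLUA"= 0 (0x0)'
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)')

DRIVE_ROOT_SYS = re.compile(r"^[a-z]:\\[^\\]+\.sys$", re.I)  # e.g. C:\name.sys
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def _image_checks(image, args):
    """Return a reason string if a service/driver image path looks odd, else None."""
    low = image.lower()
    base = low.rsplit("\\", 1)[-1]
    if any(m in low for m in TEMP_MARKERS):
        return "service image in a temp directory"
    if DRIVE_ROOT_SYS.match(low):
        return "kernel driver registered from a drive root"
    if base == "setup.exe":
        return "installer stub registered as a service (args: %s)" % (args or "none")
    return None


def classify_line(line):
    """Return a reason to inspect this log line, or None if it looks unremarkable."""
    line = line.strip()

    m = SERVICE_RE.match(line)
    if m:
        start, _name, _display, image_and_args, stamp = m.groups()
        if not image_and_args:
            return None  # no image path recorded; nothing to judge here
        im = IMAGE_RE.match(image_and_args)
        image, args = (im.group(1), im.group(2)) if im else (image_and_args, None)
        reason = _image_checks(image, args)
        if reason and stamp == "x":
            # ComboFix prints [x] when the image file is not on disk.
            reason += "; file not present on disk ([x]) yet still registered as %s" % start
        return reason

    m = FILE_RE.match(line)
    if m:
        _size, _attrs, path = m.groups()
        if DRIVE_ROOT_SYS.match(path.strip()):
            return "new .sys file written to a drive root"
        return None

    m = POLICY_RE.match(line)
    if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
        return "UAC disabled (EnableLUA=0)"
    return None


def triage(lines):
    """Return [(line, reason)] for every line classify_line() flags."""
    hits = []
    for line in lines:
        reason = classify_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Lines copied from the ComboFix log in this thread; nothing here is invented.
SAMPLE_LINES = r'''
2011-04-18 18:14 . 2011-04-18 18:14 100480 ----a-w- C:\fwtoqpod.sys
2011-04-18 17:16 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
"EnableLUA"= 0 (0x0)
R2 AMService;AMService;c:\windows\TEMP\mslm\setup.exe run [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R3 gsplittm;gsplittm;c:\users\Chris\AppData\Local\Temp\gsplittm.sys [x]
R3 FXDrv32;FXDrv32;I:\FXDrv32.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-05-14 717296]
'''.strip().splitlines()

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LINES):
        print("%-70s  %s" % (line[:70], reason))
```

Run it as a script to print the flagged sample lines, or pass `triage()` every line of the full C:\ComboFix.txt. Drivers on removable media (the I:\ entry) and leftover registrations for tools that were uninstalled will trip the drive-root and [x] rules as well, which is why the output is a worklist rather than a verdict: hash each flagged file, check its signature, and look up the vendor before deciding anything.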
