Tech Support Guy forum

Mozilla Firefox Redirects to Random Sites

Discussion in 'Virus & Other Malware Removal' started by rrod93, Aug 8, 2010.

Thread Status:
Not open for further replies.
  1. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    Well, like the title says, Firefox keeps redirecting me to random sites. For instance I clicked on a Wikipedia link and got sent to Travelocity.com. This just started happening earlier today, out of nowhere, and it's only Firefox that does this. The last things I remember downloading are Artweaver, Torsion, Notepad++, and Torsion, but that was all maybe over a week ago. I've used Malwarebytes' Anti-Malware and deleted four infected files. I've researched a few other threads but I'm still not exactly sure what I need to do. Can somebody please give me some direction? I'm using Windows XP by the way.
     
  2. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  3. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    Thank you for the reply. This is the report I got:

    2010/08/09 07:52:38.0234 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
    2010/08/09 07:52:38.0234 ================================================================================
    2010/08/09 07:52:38.0234 SystemInfo:
    2010/08/09 07:52:38.0234
    2010/08/09 07:52:38.0234 OS Version: 5.1.2600 ServicePack: 3.0
    2010/08/09 07:52:38.0234 Product type: Workstation
    2010/08/09 07:52:38.0234 ComputerName: OWNER_PC
    2010/08/09 07:52:38.0234 UserName: Owner
    2010/08/09 07:52:38.0234 Windows directory: C:\WINDOWS
    2010/08/09 07:52:38.0234 System windows directory: C:\WINDOWS
    2010/08/09 07:52:38.0234 Processor architecture: Intel x86
    2010/08/09 07:52:38.0234 Number of processors: 1
    2010/08/09 07:52:38.0234 Page size: 0x1000
    2010/08/09 07:52:38.0234 Boot type: Normal boot
    2010/08/09 07:52:38.0234 ================================================================================
    2010/08/09 07:52:38.0500 Initialize success
    2010/08/09 07:52:49.0890 ================================================================================
    2010/08/09 07:52:49.0890 Scan started
    2010/08/09 07:52:49.0890 Mode: Manual;
    2010/08/09 07:52:49.0890 ================================================================================
    2010/08/09 07:52:51.0171 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/08/09 07:52:51.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/08/09 07:52:51.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/08/09 07:52:51.0656 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/08/09 07:52:51.0781 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/08/09 07:52:52.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/08/09 07:52:52.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/08/09 07:52:52.0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/08/09 07:52:52.0781 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/08/09 07:52:52.0937 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2010/08/09 07:52:53.0078 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2010/08/09 07:52:53.0312 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2010/08/09 07:52:53.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/08/09 07:52:53.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/08/09 07:52:54.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/08/09 07:52:54.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/08/09 07:52:54.0343 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/08/09 07:52:54.0640 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    2010/08/09 07:52:54.0859 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/08/09 07:52:55.0015 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/08/09 07:52:55.0187 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/09 07:52:55.0359 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/08/09 07:52:55.0515 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/08/09 07:52:55.0718 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/08/09 07:52:55.0890 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/08/09 07:52:56.0187 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/08/09 07:52:56.0375 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/08/09 07:52:56.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/08/09 07:52:56.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/08/09 07:52:57.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/08/09 07:52:57.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/08/09 07:52:57.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/08/09 07:52:57.0750 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2010/08/09 07:52:57.0859 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/08/09 07:52:58.0000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/08/09 07:52:58.0125 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/08/09 07:52:58.0343 HSFHWBS2 (5380253d2751f2b5d95941c09e7e42ac) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2010/08/09 07:52:58.0562 HSF_DP (e9a4c20ab168be8bd78486afebba5836) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2010/08/09 07:52:58.0796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/08/09 07:52:58.0953 hwinterface (448bb2fe30f1dde9eaa4f0e87b52b687) C:\WINDOWS\system32\Drivers\hwinterface.sys
    2010/08/09 07:52:59.0250 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/08/09 07:52:59.0437 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/08/09 07:52:59.0687 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/08/09 07:52:59.0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/08/09 07:52:59.0968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/08/09 07:53:00.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/08/09 07:53:00.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/08/09 07:53:00.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/08/09 07:53:00.0531 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/08/09 07:53:00.0687 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/08/09 07:53:00.0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/08/09 07:53:00.0875 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/08/09 07:53:00.0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/08/09 07:53:01.0125 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/08/09 07:53:01.0406 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/08/09 07:53:01.0546 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/08/09 07:53:01.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/08/09 07:53:01.0781 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/08/09 07:53:01.0890 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/08/09 07:53:02.0000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/08/09 07:53:02.0140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/08/09 07:53:02.0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/08/09 07:53:02.0500 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/08/09 07:53:02.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/08/09 07:53:03.0234 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/08/09 07:53:03.0718 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/08/09 07:53:04.0109 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/08/09 07:53:04.0421 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/08/09 07:53:04.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/08/09 07:53:04.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/08/09 07:53:04.0906 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/08/09 07:53:05.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/08/09 07:53:05.0203 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/08/09 07:53:05.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/08/09 07:53:05.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/08/09 07:53:05.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/08/09 07:53:05.0968 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\NPF.sys
    2010/08/09 07:53:06.0093 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/08/09 07:53:06.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/08/09 07:53:06.0531 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/08/09 07:53:06.0843 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/08/09 07:53:07.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/08/09 07:53:07.0312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/08/09 07:53:07.0484 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    2010/08/09 07:53:07.0765 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
    2010/08/09 07:53:08.0093 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/08/09 07:53:08.0312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/08/09 07:53:08.0437 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/08/09 07:53:08.0625 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/08/09 07:53:08.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/08/09 07:53:09.0062 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/08/09 07:53:09.0312 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/08/09 07:53:10.0140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/08/09 07:53:10.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/08/09 07:53:10.0468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/08/09 07:53:10.0656 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/08/09 07:53:11.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/08/09 07:53:11.0640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/08/09 07:53:11.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/08/09 07:53:12.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/08/09 07:53:12.0203 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/08/09 07:53:12.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/08/09 07:53:12.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/08/09 07:53:12.0718 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/08/09 07:53:13.0015 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2010/08/09 07:53:13.0437 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2010/08/09 07:53:13.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/08/09 07:53:13.0781 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    2010/08/09 07:53:13.0968 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/08/09 07:53:14.0062 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/08/09 07:53:14.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/08/09 07:53:14.0562 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/08/09 07:53:14.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/08/09 07:53:14.0937 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/08/09 07:53:14.0937 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2010/08/09 07:53:14.0937 sptd - detected Locked file (1)
    2010/08/09 07:53:15.0125 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/08/09 07:53:15.0328 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/08/09 07:53:15.0515 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/08/09 07:53:15.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/08/09 07:53:15.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/08/09 07:53:16.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/08/09 07:53:16.0390 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/08/09 07:53:16.0546 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/08/09 07:53:16.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/08/09 07:53:16.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/08/09 07:53:17.0265 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/08/09 07:53:17.0484 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/08/09 07:53:17.0640 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    2010/08/09 07:53:17.0812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/08/09 07:53:17.0921 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    2010/08/09 07:53:18.0109 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/08/09 07:53:18.0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/08/09 07:53:18.0421 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    2010/08/09 07:53:18.0609 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/08/09 07:53:18.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/08/09 07:53:18.0859 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/08/09 07:53:19.0062 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/08/09 07:53:19.0296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/08/09 07:53:19.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/08/09 07:53:19.0765 winachsf (2e5bc3ddf1c44c84c3093e1148a0354e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2010/08/09 07:53:20.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/08/09 07:53:20.0171 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/08/09 07:53:20.0296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/08/09 07:53:20.0359 ================================================================================
    2010/08/09 07:53:20.0359 Scan finished
    2010/08/09 07:53:20.0359 ================================================================================
    2010/08/09 07:53:20.0390 Detected object count: 1
    2010/08/09 07:53:49.0609 Locked file(sptd) - User select action: Skip
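    The two posts above describe where the TDSSKiller report lands (the root of the system drive, named TDSSKiller.[Version]_[Date]_[Time]_log.txt) and show what one looks like. The script below is an added example for this thread, not part of TDSSKiller, ComboFix or the forum's tooling: it locates the newest report, parses the line formats seen in the pasted log (driver entries, "Suspicious file" lines, "detected" verdicts, the object count and the user's chosen action) and prints the items a helper reads first. The sample text inside it reuses a few lines from the report above plus one constructed driver entry, "fakedrv", loading from a user Temp folder; the check that flags drivers loading from outside the Windows directory is the editor's own triage heuristic, not something TDSSKiller reports.

```python
"""Parse a TDSSKiller 2.4.x report and pull out what a helper reads first.

Added example for this thread (not TDSSKiller's own code).  Line formats are
taken from the report pasted above; SAMPLE_LOG reuses some of those lines and
adds one constructed entry ("fakedrv") so the outside-Windows check fires.
"""
import glob
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every report line is "YYYY/MM/DD HH:MM:SS.mmmm <message>".
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
_WINDIR = re.compile(_TS + r"Windows directory: (?P<dir>\S.*)$")
_DRIVER = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_SUSPICIOUS = re.compile(
    _TS + r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
_DETECTED = re.compile(_TS + r"(?P<name>\S+) - detected (?P<what>.+?) \(\d+\)$")
_ACTION = re.compile(_TS + r"(?P<what>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
_COUNT = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")

# Constructed sample: real lines from the thread plus the invented "fakedrv" entry.
SAMPLE_LOG = r"""
2010/08/09 07:52:38.0234 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/09 07:52:38.0234 Windows directory: C:\WINDOWS
2010/08/09 07:52:49.0890 Scan started
2010/08/09 07:52:51.0171 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/09 07:53:14.0937 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/09 07:53:14.0937 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/08/09 07:53:14.0937 sptd - detected Locked file (1)
2010/08/09 07:53:15.0125 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/09 07:53:15.0200 fakedrv (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Owner\Local Settings\Temp\fakedrv.sys
2010/08/09 07:53:20.0359 Scan finished
2010/08/09 07:53:20.0390 Detected object count: 1
2010/08/09 07:53:49.0609 Locked file(sptd) - User select action: Skip
"""


@dataclass
class Report:
    windows_dir: str = ""
    drivers: List[Dict[str, str]] = field(default_factory=list)
    suspicious: List[Dict[str, str]] = field(default_factory=list)
    detections: Dict[str, str] = field(default_factory=dict)  # object name -> verdict text
    actions: Dict[str, str] = field(default_factory=dict)     # object name -> Cure / Skip / ...
    detected_count: Optional[int] = None


def parse_report(text: str) -> Report:
    """Walk the report line by line; specific patterns are tried before the generic driver line."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := _WINDIR.match(line):
            rep.windows_dir = m["dir"]
        elif m := _SUSPICIOUS.match(line):
            rep.suspicious.append({"kind": m["kind"], "path": m["path"], "md5": m["md5"]})
        elif m := _DETECTED.match(line):
            rep.detections[m["name"]] = m["what"]
        elif m := _ACTION.match(line):
            rep.actions[m["name"]] = m["action"]
        elif m := _COUNT.match(line):
            rep.detected_count = int(m["n"])
        elif m := _DRIVER.match(line):
            rep.drivers.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
    return rep


def triage(rep: Report) -> List[str]:
    """Findings worth reading first: TDSSKiller's verdicts, plus drivers outside the Windows directory."""
    findings = []
    windir = rep.windows_dir.lower().rstrip("\\") + "\\"
    for d in rep.drivers:
        if windir != "\\" and not d["path"].lower().startswith(windir):
            findings.append(f"driver {d['name']} loads from outside {rep.windows_dir}: {d['path']}")
    for name, what in rep.detections.items():
        findings.append(f"{name}: {what}; user action: {rep.actions.get(name, 'none recorded')}")
    if rep.detected_count is not None and rep.detected_count != len(rep.detections):
        findings.append("detected object count does not match the number of verdict lines")
    return findings


def find_latest_report(root: str = "C:\\") -> Optional[str]:
    """Newest TDSSKiller.[Version]_[Date]_[Time]_log.txt in root, as described in the instructions above."""
    logs = glob.glob(os.path.join(root, "TDSSKiller.*_log.txt"))
    return max(logs, key=os.path.getmtime) if logs else None


if __name__ == "__main__":
    path = find_latest_report()
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_LOG
    rep = parse_report(text)
    print(f"{len(rep.drivers)} drivers listed, {len(rep.detections)} object(s) flagged")
    for finding in triage(rep):
        print(" -", finding)
```

Two caveats when reading the output. A "Locked file" verdict on sptd.sys is common: that driver belongs to disc-emulation software such as DAEMON Tools or Alcohol 120% and protects itself from being opened, which is why TDSSKiller cannot hash-verify it; on its own it is not evidence of infection, which is why the Skip default is the right one here. And the parser only sees what TDSSKiller was able to enumerate; a rootkit that hides its driver from the scan produces no line to parse, so a clean report does not by itself close the case.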
     
  4. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download ComboFix here:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  5. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    I let ComboFix run. This is the log:

    ComboFix 10-08-08.03 - Owner 2010-08-09 11:36:36.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1573 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Owner\Application Data\inst.exe
    c:\documents and settings\Owner\Local Settings\Application Data\{E0278FD0-4167-4337-97E1-D25914BA47E3}
    c:\documents and settings\Owner\Local Settings\Application Data\{E0278FD0-4167-4337-97E1-D25914BA47E3}\chrome.manifest
    c:\documents and settings\Owner\Local Settings\Application Data\{E0278FD0-4167-4337-97E1-D25914BA47E3}\chrome\content\_cfg.js
    c:\documents and settings\Owner\Local Settings\Application Data\{E0278FD0-4167-4337-97E1-D25914BA47E3}\chrome\content\c.js
    c:\documents and settings\Owner\Local Settings\Application Data\{E0278FD0-4167-4337-97E1-D25914BA47E3}\chrome\content\overlay.xul
    c:\documents and settings\Owner\Local Settings\Application Data\{E0278FD0-4167-4337-97E1-D25914BA47E3}\install.rdf
    c:\documents and settings\Owner\Local Settings\Application Data\Windows Server
    c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\server.dat
    c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\uses32.dat
    C:\restore
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\system32\winlogon.exe . . . is infected!!
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NPF
    -------\Service_NPF

    ((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
    .
    2010-08-09 12:49 . 2010-08-09 12:49 -------- d-----w- c:\program files\Common Files\McAfee
    2010-08-09 12:49 . 2010-08-09 16:32 -------- d-----w- c:\program files\McAfee
    2010-08-08 20:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-08 20:45 . 2010-08-08 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-08 20:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-28 19:15 . 2010-07-28 19:15 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-07-28 19:15 . 2010-07-28 19:15 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-07-28 19:15 . 2010-07-28 19:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-07-28 19:14 . 2010-07-28 19:17 131808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2010-07-28 19:11 . 2010-07-28 19:11 -------- d-----w- c:\program files\Microsoft Help Viewer
    2010-07-28 19:11 . 2010-07-28 19:17 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2010-07-28 19:11 . 2010-07-28 19:11 -------- d-----w- c:\program files\Microsoft SDKs
    2010-07-28 18:36 . 2010-07-29 02:11 -------- d-----w- c:\documents and settings\Owner\Application Data\GarageGames
    2010-07-28 18:36 . 2010-07-28 18:36 4096 ----a-w- c:\windows\d3dx.dat
    2010-07-28 18:34 . 2010-07-29 02:11 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-07-28 18:34 . 2010-07-29 02:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-07-28 18:34 . 2010-07-28 18:34 -------- d-----w- c:\program files\OpenAL
    2010-07-28 18:33 . 2010-07-29 02:10 -------- d-----w- c:\program files\Torque
    2010-07-28 18:19 . 2010-07-28 18:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Notepad++
    2010-07-28 18:19 . 2010-07-28 18:19 -------- d-----w- c:\program files\Notepad++
    2010-07-27 17:01 . 2010-07-27 17:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Artweaver
    2010-07-27 17:01 . 2010-07-27 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Artweaver
    2010-07-27 17:01 . 2010-07-27 20:29 -------- d-----w- c:\program files\Artweaver 1.0
    2010-07-24 01:18 . 2010-07-24 01:18 503808 ----a-w- c:\documents and settings\Rolando\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-56af12c3-n\msvcp71.dll
    2010-07-24 01:18 . 2010-07-24 01:18 499712 ----a-w- c:\documents and settings\Rolando\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-56af12c3-n\jmc.dll
    2010-07-24 01:18 . 2010-07-24 01:18 348160 ----a-w- c:\documents and settings\Rolando\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-56af12c3-n\msvcr71.dll
    2010-07-21 13:42 . 2010-07-21 13:42 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 13:42 . 2010-07-21 13:42 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-21 13:42 . 2010-07-21 13:42 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
    2010-07-21 13:42 . 2010-07-21 13:42 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-18 14:08 . 2010-07-18 14:08 -------- d-----w- c:\program files\iPod
    2010-07-18 14:08 . 2010-07-18 14:09 -------- d-----w- c:\program files\iTunes
    2010-07-18 14:03 . 2010-07-18 14:03 -------- d-----w- c:\program files\Bonjour
    2010-07-18 14:00 . 2010-07-18 14:00 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-07-17 16:50 . 2010-07-17 16:50 77312 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
    2010-07-15 14:23 . 2010-07-15 14:23 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-15 14:23 . 2010-07-15 14:23 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-15 14:23 . 2010-07-15 14:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 14:20 . 2010-07-15 14:20 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-15 14:20 . 2010-07-15 14:20 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-15 14:20 . 2010-07-15 14:20 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-15 14:20 . 2010-07-15 14:20 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-09 16:14 . 2010-01-27 17:07 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
    2010-08-09 12:49 . 2009-04-06 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-08-08 23:09 . 2004-08-04 12:00 -------- d-----w- c:\program files\Common Files\Mozilla Shared
    2010-07-28 18:30 . 2009-03-26 03:22 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-28 13:22 . 2003-07-21 05:05 -------- d-----w- c:\program files\World of Warcraft
    2010-07-18 14:08 . 2009-03-26 03:34 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-17 16:50 . 2009-12-15 23:46 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-07-17 16:50 . 2009-12-15 23:46 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
    2010-07-15 14:23 . 2010-01-15 22:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 14:21 . 2010-01-15 22:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-06 16:44 . 2010-07-06 16:44 -------- d-----w- c:\program files\Magelo
    2010-07-04 01:23 . 2010-07-04 01:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-03 22:00 . 2010-07-03 22:00 -------- d-----w- c:\program files\System Spec Analyser
    2010-07-02 22:43 . 2010-07-02 22:43 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
    2010-07-01 23:43 . 2010-07-01 23:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Carambis
    2010-07-01 23:43 . 2010-07-01 23:43 -------- d-----w- c:\program files\Carambis
    2010-06-22 12:09 . 2010-06-15 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-06-19 14:08 . 2009-03-26 03:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2010-06-15 18:48 . 2010-06-15 16:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-15 16:35 . 2010-06-15 16:35 -------- d-----w- c:\program files\Disk Space Visualizer
    2010-06-15 15:45 . 2009-03-25 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-15 13:44 . 2010-06-12 01:57 -------- d-----w- c:\program files\City of Heroes
    2010-06-14 14:31 . 2003-07-21 06:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 19:56 . 2010-06-10 19:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine
    2010-06-10 19:55 . 2010-06-10 19:55 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
    2010-06-10 19:55 . 2009-03-26 14:28 79648 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-03-16 19:35 . 2009-03-16 19:35 525128 -c--a-w- c:\program files\DXSETUP.exe
    2009-03-16 19:35 . 2009-03-16 19:35 94024 -c--a-w- c:\program files\DSETUP.dll
    2009-07-23 23:04 . 2009-07-23 03:06 56 --sh--r- c:\windows\system32\2D55EAC86B.sys
    2006-05-03 10:06 . 2003-07-26 12:43 163328 -csh--r- c:\windows\system32\flvDX.dll
    2009-07-23 23:04 . 2009-07-23 03:06 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 11:47 . 2003-07-26 12:43 31232 -csh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2003-07-26 12:43 216064 -csh--r- c:\windows\system32\nbDX.dll
    .
    ------- Sigcheck -------
    [-] 2008-04-14 . 314B7A22B03FA4ED61625A95BB1D5D0A . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2009-03-18 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4F43FBC-F9F9-45B7-B009-192EF77E33FA}]
    c:\windows\system32\tzcoapu.dll [BU]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 180269]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "NWEReboot"="" [BU]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-15 149280]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_2"="shell32" [X]
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 14:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\World of Warcraft\\Repair.exe"=
    "c:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft\\Uninstall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "58879:TCP"= 58879:TCP:pando Media Booster
    "58879:UDP"= 58879:UDP:pando Media Booster
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "1120:TCP"= 1120:TCP:Blizzard Downloader
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-01-15 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-01-15 243024]
    R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-07-22 3026]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-08-09 88176]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-06-08 234888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-10-07 1527900]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-05-31 721904]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.yahoo.com/search?fr=mcafee&p=
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    TCP: {070910E6-0CDF-4ED4-8586-A80E5A36B640} = 192.168.10.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-Torrent2Exe[b5bd537efdae619f52617e6ed61aacb12cef5bb7] - c:\documents and settings\Owner\Desktop\Doctor_Who_Season_2_Complete_TVRips_(2006).exe
    AddRemove-4Videosoft Video Converter Platinum_is1 - c:\program files\4Videosoft Studio\4Videosoft Video Converter Platinum\unins000.exe
    AddRemove-HijackThis - f:\a virus repair\hijackthis\HijackThis.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-09 11:47
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(236)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-09 11:53:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-09 16:53
    ComboFix2.txt 2009-04-15 22:30
    Pre-Run: 30,022,127,616 bytes free
    Post-Run: 30,489,595,904 bytes free
    - - End Of File - - F4116F8EC359F275EA3116AC9A6255AC
     
  6. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\sfcfiles.dll
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.




    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  7. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    This is the GooredFix log:

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 16:11 on 09/08/2010 (Owner)
    Firefox version 3.6.8 (en-US)
    ========== GooredScan ==========
    Removing Orphan:
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" -> Success!
    Removing Orphan:
    "[email protected]"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]" -> Success!
    ========== GooredLog ==========
    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [23:11 08/08/2010]
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\extensions\
    [email protected] [23:43 08/01/2010]
    {20a82645-c095-46ed-80e3-08825760534b} [20:29 02/09/2009]
    {635abd67-4fe9-1b23-4f01-e679fa7484c1} [21:16 25/04/2009]
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:06 08/08/2009]
    "[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:44 15/12/2009]
    "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [12:49 09/08/2010]
    -=E.O.F=-

    These are the results from VirSCAN:

    VirSCAN.org Scanned Report :
    Scanned time : 2010/08/09 16:59:27 (CDT)
    Scanner results: Scanners did not find malware!
    File Name : sfcfiles.dll
    File Size : 1614848 byte
    File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
    MD5 : 362bc5af8eaf712832c58cc13ae05750
    SHA1 : c8c2d44f34115f27f10bc435dd986d4eff00fe3f
    Online report : http://virscan.org/report/7cbafd6631da74acc6c0e1e693dae05a.html
    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.0.0.18 20100810041103 2010-08-10 0.36 -
    AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 1.21 -
    AntiVir 8.2.4.34 7.10.10.126 2010-08-09 0.27 -
    Antiy 2.0.18 20100810.4923669 2010-08-10 0.02 -
    Arcavir 2009 201006281601 2010-06-28 0.00 -
    Authentium 5.1.1 201008091742 2010-08-09 1.25 -
    AVAST! 4.7.4 100809-1 2010-08-09 0.08 -
    AVG 8.5.793 271.1.1/3060 2010-08-09 0.25 -
    BitDefender 7.90123.6154084 7.33273 2010-08-10 4.34 -
    ClamAV 0.96.1 11520 2010-08-09 0.01 -
    Comodo 4.0 5698 2010-08-09 1.25 -
    CP Secure 1.3.0.5 2010.08.10 2010-08-10 0.43 -
    Dr.Web 5.0.2.3300 2010.08.10 2010-08-10 9.13 -
    F-Prot 4.4.4.56 20100809 2010-08-09 1.25 -
    F-Secure 7.02.73807 2010.08.09.06 2010-08-09 0.15 -
    Fortinet 4.1.143 12.229 2010-08-09 0.18 -
    GData 21.647/21.245 20100809 2010-08-09 7.30 -
    ViRobot 20100809 2010.08.09 2010-08-09 0.37 -
    Ikarus T3. 2010.08.09.76454 2010-08-09 4.85 -
    JiangMin 13.0.900 2010.08.09 2010-08-09 1.57 -
    Kaspersky 5.5.10 2010.08.09 2010-08-09 0.08 -
    KingSoft 2009.2.5.15 2010.8.9.18 2010-08-09 0.65 -
    McAfee 5400.1158 6069 2010-08-09 17.97 -
    Microsoft 1.6004 2010.08.09 2010-08-09 5.99 -
    Norman 6.05.11 6.05.00 2010-08-09 4.01 -
    Panda 9.05.01 2010.08.08 2010-08-08 2.73 -
    Trend Micro 9.120-1004 7.372.18 2010-08-09 0.08 -
    Quick Heal 11.00 2010.08.09 2010-08-09 2.80 -
    Rising 20.0 22.60.00.04 2010-08-09 1.46 -
    Sophos 3.10.0 4.56 2010-08-10 3.80 -
    Sunbelt 3.9.2432.2 6708 2010-08-09 11.32 -
    Symantec 1.3.0.24 20100809.002 2010-08-09 0.11 -
    nProtect 20100808.01 8813262 2010-08-08 9.14 -
    The Hacker 6.5.2.1 v00339 2010-08-09 1.84 -
    VBA32 3.12.12.8 20100809.0801 2010-08-09 3.08 -
    VirusBuster 4.5.11.10 10.127.50/2027477 2010-08-10 2.47 -


    The log from ComboFix is attached because it was too big to paste in a reply.
     

    Attached Files:

  8. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.exe
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Update\*.*
      CREATERESTOREPOINT
      %PROGRAMFILES%\*.
      /md5start
      winlogon.*
      /md5stop
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      set /c
      %PROGRAMFILES%|bak;true;false;false /fp
      %systemroot%\system32|bak;true;false;false /fp


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
     
  9. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    This is the OTL.Txt file:

    OTL logfile created on: 2010-08-09 17:53:37 - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.34 Gb Total Space | 28.40 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 149.05 Gb Total Space | 87.66 Gb Free Space | 58.82% Space Free | Partition Type: NTFS

    Computer Name: OWNER_PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-08-09 17:53:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010-07-15 09:23:37 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010-07-15 09:23:29 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010-07-15 09:23:28 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010-07-15 09:23:22 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010-07-15 09:21:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010-07-15 09:21:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010-06-08 14:56:10 | 004,973,056 | ---- | M] (Media Fog Ltd.) -- C:\Program Files\Carambis\Driver Updater\dupdater.exe
    PRC - [2010-05-20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009-12-15 18:44:56 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2009-03-25 21:48:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008-09-30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008-09-30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2008-05-26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    PRC - [2008-04-13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-08-16 08:56:14 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    PRC - [2006-09-11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2003-08-06 13:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010-08-09 17:53:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2008-04-14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010-07-15 09:23:22 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010-05-20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2009-06-02 07:21:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009-04-02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
    SRV - [2005-11-17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010-07-15 09:23:34 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010-07-15 09:21:19 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009-07-22 22:47:31 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
    DRV - [2009-05-31 18:44:14 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008-04-13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007-04-09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007-04-09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007-04-09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006-08-15 10:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2006-08-15 10:46:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2006-08-15 10:46:04 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2006-08-15 10:46:04 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003-08-04 08:12:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2003-07-02 10:26:20 | 000,202,368 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003-07-02 10:25:24 | 000,631,680 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003-07-02 10:24:16 | 001,063,936 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2001-08-17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/search?fr=mcafee&p=
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultEngine: "Yahoo"
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-offrhap"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-offrhap"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/search?fr=mcafee&p=%s"
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-08-09 07:55:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-08 18:11:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-08 18:11:33 | 000,000,000 | ---D | M]

    [2003-08-09 20:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2003-08-09 20:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
    [2010-08-09 07:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\extensions
    [2009-09-02 15:29:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009-04-25 16:16:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010-01-08 18:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\extensions\[email protected]
    [2009-06-08 18:39:44 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\searchplugins\ask.xml
    [2009-06-01 07:34:19 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y4bi0lnz.default\searchplugins\daemon-search.xml
    [2010-08-08 18:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010-08-09 07:50:53 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010-08-09 11:45:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: () - {A4F43FBC-F9F9-45B7-B009-192EF77E33FA} - C:\WINDOWS\System32\tzcoapu.dll File not found
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003-07-21 01:04:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CC7AC871-B554-A21F-8B33-68D8B9184726} - Themes Setup
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-08-09 17:53:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010-08-09 16:23:50 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010-08-09 16:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
    [2010-08-09 16:11:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Owner\Desktop\GooredFix.exe
    [2010-08-09 07:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
    [2010-08-09 07:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2010-08-09 07:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2010-08-08 18:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010-08-08 15:45:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-08-08 15:45:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-08-08 15:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-07-28 14:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\MyGames
    [2010-07-28 14:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2010-07-28 14:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010-07-28 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010-07-28 14:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Visual Studio 2010
    [2010-07-28 14:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2010-07-28 14:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2010-07-28 14:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2010-07-28 13:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GarageGames
    [2010-07-28 13:34:50 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
    [2010-07-28 13:34:50 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
    [2010-07-28 13:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
    [2010-07-28 13:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Torque
    [2010-07-28 13:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Design
    [2010-07-28 13:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
    [2010-07-28 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
    [2010-07-28 13:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Notepad++
    [2010-07-27 12:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Artweaver
    [2010-07-27 12:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Artweaver
    [2010-07-27 12:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Artweaver 1.0
    [2010-07-27 12:01:07 | 006,642,457 | ---- | C] (Boris Eyrich Software ) -- C:\Documents and Settings\Owner\Desktop\Artweaver.exe
    [2010-07-20 11:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Rubens Shared
    [2010-07-18 09:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010-07-18 09:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010-07-18 09:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010-07-15 09:23:28 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010-07-06 11:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Magelo
    [2010-07-03 17:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\System Spec Analyser
    [2010-07-02 17:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
    [2010-07-01 18:51:56 | 001,045,384 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Owner\Desktop\DriverInstaller_DD.exe
    [2010-07-01 18:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Carambis
    [2010-07-01 18:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Carambis
    [2010-07-01 18:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Motorola_WR850_6.1.4
    [2010-06-30 18:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\WTF
    [2010-06-30 18:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Interface
    [2010-06-30 18:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Cache
    [2010-06-15 11:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010-06-15 11:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Space Visualizer
    [2010-06-15 03:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    [2010-06-11 20:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\City of Heroes
    [2010-06-10 15:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\The Lord of the Rings Online
    [2010-06-10 14:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Turbine
    [2010-06-10 14:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine
    [2010-06-10 14:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
    [2010-06-10 14:49:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
    [2010-06-09 22:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Atari
    [2003-07-20 19:48:46 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010-08-09 17:53:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010-08-09 17:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010-08-09 16:47:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-08-09 16:29:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-08-09 16:14:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2010-08-09 16:11:42 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Owner\Desktop\GooredFix.exe
    [2010-08-09 11:45:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010-08-09 11:45:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-08-09 11:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-08-09 11:45:22 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
    [2010-08-09 11:44:26 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010-08-09 11:31:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010-08-09 11:18:01 | 003,817,853 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010-08-09 08:39:38 | 063,167,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010-08-09 07:46:25 | 001,130,629 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2010-08-08 18:11:36 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010-08-08 18:11:36 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010-08-08 15:45:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-08-08 15:34:30 | 003,171,476 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010-08-08 14:53:42 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
    [2010-07-28 21:12:57 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Torque Game Builder 1.7.5.lnk
    [2010-07-28 21:11:10 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
    [2010-07-28 21:11:10 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
    [2010-07-28 13:43:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010-07-28 13:43:11 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010-07-28 13:39:17 | 000,617,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-07-28 13:39:17 | 000,527,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-07-28 13:39:17 | 000,097,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-07-28 13:36:03 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
    [2010-07-28 12:27:22 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
    [2010-07-27 12:01:42 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Artweaver 1.0.lnk
    [2010-07-27 12:01:17 | 006,642,457 | ---- | M] (Boris Eyrich Software ) -- C:\Documents and Settings\Owner\Desktop\Artweaver.exe
    [2010-07-27 12:00:32 | 000,260,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SoftonicDownloader38751.exe
    [2010-07-23 09:58:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010-07-15 09:23:34 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010-07-15 09:23:28 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010-07-15 09:21:19 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010-07-06 11:44:27 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Magelo Sync.lnk
    [2010-07-06 11:44:27 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magelo Sync.lnk
    [2010-07-06 11:44:03 | 000,459,942 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MageloSyncSetup.exe
    [2010-07-03 20:23:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-07-03 17:13:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-07-03 16:58:11 | 001,307,954 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemSpecAnalyser.exe
    [2010-07-01 18:51:56 | 001,045,384 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Owner\Desktop\DriverInstaller_DD.exe
    [2010-07-01 18:43:52 | 000,004,990 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
    [2010-07-01 18:42:00 | 017,581,825 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Motorola_WR850_6.1.4.zip
    [2010-06-15 04:27:26 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
    [2010-06-11 20:57:59 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\City of Heroes.lnk
    [2010-06-11 03:33:50 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-06-10 14:55:26 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010-06-10 14:55:17 | 000,079,648 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010-08-09 11:33:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010-08-09 11:33:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010-08-09 11:19:15 | 003,817,853 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010-08-09 07:46:25 | 001,130,629 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2010-08-08 18:11:36 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010-08-08 18:11:36 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010-08-08 15:45:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-07-28 21:11:11 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Torque Game Builder 1.7.5.lnk
    [2010-07-28 13:43:11 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010-07-28 13:36:03 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2010-07-28 13:35:53 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
    [2010-07-27 12:01:42 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Artweaver 1.0.lnk
    [2010-07-27 12:00:31 | 000,260,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SoftonicDownloader38751.exe
    [2010-07-18 09:09:22 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010-07-06 11:44:27 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Magelo Sync.lnk
    [2010-07-06 11:44:27 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magelo Sync.lnk
    [2010-07-06 11:44:03 | 000,459,942 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MageloSyncSetup.exe
    [2010-07-03 20:25:15 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
    [2010-07-03 20:23:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-07-03 16:58:06 | 001,307,954 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemSpecAnalyser.exe
    [2010-07-01 18:43:52 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
    [2010-07-01 18:41:21 | 017,581,825 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Motorola_WR850_6.1.4.zip
    [2010-06-11 20:57:59 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\City of Heroes.lnk
    [2010-06-10 14:55:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010-01-12 11:24:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2010-01-12 11:24:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2009-10-07 22:41:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
    [2009-10-07 22:40:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
    [2009-10-07 22:39:08 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2009-10-07 22:38:47 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
    [2009-08-30 10:04:50 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
    [2009-08-30 10:03:12 | 000,002,303 | ---- | C] () -- C:\WINDOWS\wp2.ini
    [2009-07-22 22:06:35 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2D55EAC86B.sys
    [2009-07-22 22:06:13 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009-03-25 22:23:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009-03-25 22:12:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009-03-25 21:53:06 | 000,006,909 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008-10-28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2007-09-27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007-09-27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007-09-27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006-10-22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006-10-22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006-10-22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2005-12-21 05:36:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2005-11-05 11:46:26 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2005-08-30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
    [2005-08-30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
    [2005-08-30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
    [2005-02-05 14:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
    [2003-07-26 07:46:55 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2003-07-20 19:48:55 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009-10-07 22:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
    [2010-07-27 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
    [2003-07-30 22:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010-01-15 17:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009-06-01 07:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009-12-18 11:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2009-08-06 14:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2010-06-09 19:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2009-06-12 15:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2009-06-02 07:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2010-06-15 13:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009-03-25 22:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010-04-15 23:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-11-09 19:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009-12-07 21:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Any Video Converter
    [2010-07-27 12:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artweaver
    [2010-06-09 22:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
    [2010-07-01 18:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Carambis
    [2009-06-01 18:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Clone2Go Video Converter Free Version
    [2009-06-01 07:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
    [2009-08-30 08:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Design Science
    [2009-08-02 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDFab
    [2009-03-25 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FLVPlayer4Free
    [2010-07-28 21:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GarageGames
    [2009-05-17 11:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
    [2010-04-17 12:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Laconic Software
    [2009-10-07 22:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
    [2009-08-24 12:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MoveFab
    [2009-12-07 20:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
    [2010-04-15 21:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
    [2010-07-28 13:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
    [2009-11-29 10:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2009-05-24 22:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
    [2009-10-30 13:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
    [2010-07-17 11:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
    [2010-06-10 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
    [2010-01-21 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2009-07-08 20:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Watchtower
    [2009-03-25 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
    [2009-03-28 22:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2010-02-16 10:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wizards of the Coast
    [2009-04-10 00:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\zojzlpyk

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2003-07-21 01:04:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009-04-06 09:26:33 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2009-04-14 17:27:37 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004-08-03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010-08-09 16:32:27 | 000,498,932 | ---- | M] () -- C:\ComboFix.txt
    [2003-07-21 01:04:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010-08-09 11:45:22 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
    [2003-07-21 01:04:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003-07-29 21:19:58 | 000,010,402 | ---- | M] () -- C:\MP4debug.log
    [2003-07-21 01:04:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008-04-14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010-08-09 11:45:21 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009-07-22 22:30:35 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
    [2003-07-21 01:09:39 | 000,000,165 | ---- | M] () -- C:\setup.log
    [2010-08-09 08:25:53 | 000,036,684 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_07.52.38_log.txt
    [2010-06-30 20:29:53 | 000,001,231 | ---- | M] () -- C:\tracert.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.* >
    [2008-07-06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003-06-18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008-07-06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003-07-20 19:41:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003-07-20 19:41:38 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003-07-20 19:41:38 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.com >
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\Fonts\*.ini >
    [2003-07-21 01:04:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009-01-28 05:53:12 | 002,256,728 | ---- | M] (Laconic Software) -- C:\WINDOWS\freefire.scr
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010-03-18 00:21:11 | 000,001,650 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2009-03-16 14:36:40 | 001,347,346 | -H-- | M] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
    [2009-03-16 14:36:42 | 001,078,954 | -H-- | M] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
    [2009-03-16 14:36:38 | 001,397,830 | -H-- | M] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
    [2009-03-16 14:36:44 | 001,115,221 | -H-- | M] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
    [2009-03-16 14:36:38 | 000,916,422 | -H-- | M] () -- C:\Program Files\Apr2006_MDX1_x86.cab
    [2009-03-16 14:36:48 | 004,162,622 | -H-- | M] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
    [2009-03-16 14:36:28 | 000,179,125 | -H-- | M] () -- C:\Program Files\Apr2006_XACT_x64.cab
    [2009-03-16 14:36:20 | 000,133,095 | -H-- | M] () -- C:\Program Files\Apr2006_XACT_x86.cab
    [2009-03-16 14:36:16 | 000,087,093 | -H-- | M] () -- C:\Program Files\Apr2006_xinput_x64.cab
    [2009-03-16 14:36:12 | 000,046,002 | -H-- | M] () -- C:\Program Files\Apr2006_xinput_x86.cab
    [2009-03-16 14:36:34 | 000,698,612 | -H-- | M] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
    [2009-03-16 14:36:32 | 000,695,857 | -H-- | M] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
    [2009-03-16 14:36:38 | 001,607,358 | -H-- | M] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
    [2009-03-16 14:36:38 | 001,606,039 | -H-- | M] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
    [2009-03-16 14:36:26 | 000,195,758 | -H-- | M] () -- C:\Program Files\APR2007_XACT_x64.cab
    [2009-03-16 14:36:26 | 000,151,225 | -H-- | M] () -- C:\Program Files\APR2007_XACT_x86.cab
    [2009-03-16 14:36:20 | 000,096,817 | -H-- | M] () -- C:\Program Files\APR2007_xinput_x64.cab
    [2009-03-16 14:36:14 | 000,053,302 | -H-- | M] () -- C:\Program Files\APR2007_xinput_x86.cab
    [2009-03-16 14:36:42 | 001,350,534 | -H-- | M] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
    [2009-03-16 14:36:42 | 001,077,644 | -H-- | M] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
    [2009-03-16 14:36:26 | 000,182,895 | -H-- | M] () -- C:\Program Files\AUG2006_XACT_x64.cab
    [2009-03-16 14:36:22 | 000,137,227 | -H-- | M] () -- C:\Program Files\AUG2006_XACT_x86.cab
    [2009-03-16 14:36:16 | 000,087,134 | -H-- | M] () -- C:\Program Files\AUG2006_xinput_x64.cab
    [2009-03-16 14:36:12 | 000,046,050 | -H-- | M] () -- C:\Program Files\AUG2006_xinput_x86.cab
    [2009-03-16 14:36:36 | 000,852,278 | -H-- | M] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
    [2009-03-16 14:36:34 | 000,796,859 | -H-- | M] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
    [2009-03-16 14:36:48 | 001,800,152 | -H-- | M] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
    [2009-03-16 14:36:38 | 001,708,144 | -H-- | M] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
    [2009-03-16 14:36:28 | 000,198,088 | -H-- | M] () -- C:\Program Files\AUG2007_XACT_x64.cab
    [2009-03-16 14:36:24 | 000,153,004 | -H-- | M] () -- C:\Program Files\AUG2007_XACT_x86.cab
    [2009-03-16 14:36:38 | 000,867,604 | -H-- | M] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
    [2009-03-16 14:36:36 | 000,849,159 | -H-- | M] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
    [2009-03-16 14:36:48 | 001,794,076 | -H-- | M] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
    [2009-03-16 14:36:38 | 001,464,664 | -H-- | M] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
    [2009-03-16 14:36:20 | 000,121,824 | -H-- | M] () -- C:\Program Files\Aug2008_XACT_x64.cab
    [2009-03-16 14:36:20 | 000,093,004 | -H-- | M] () -- C:\Program Files\Aug2008_XACT_x86.cab
    [2009-03-16 14:36:32 | 000,271,360 | -H-- | M] () -- C:\Program Files\Aug2008_XAudio_x64.cab
    [2009-03-16 14:36:32 | 000,269,842 | -H-- | M] () -- C:\Program Files\Aug2008_XAudio_x86.cab
    [2009-03-16 14:36:44 | 001,155,483 | -H-- | M] () -- C:\Program Files\BDANT.cab
    [2009-03-16 14:36:38 | 000,975,148 | -H-- | M] () -- C:\Program Files\BDAXP.cab
    [2009-03-16 14:36:38 | 001,357,976 | -H-- | M] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
    [2009-03-16 14:36:42 | 001,079,456 | -H-- | M] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
    [2009-03-16 14:36:30 | 000,212,799 | -H-- | M] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
    [2009-03-16 14:36:30 | 000,191,720 | -H-- | M] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
    [2009-03-16 14:36:38 | 001,571,154 | -H-- | M] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
    [2009-03-16 14:36:38 | 001,574,376 | -H-- | M] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
    [2009-03-16 14:36:26 | 000,192,475 | -H-- | M] () -- C:\Program Files\DEC2006_XACT_x64.cab
    [2009-03-16 14:36:22 | 000,145,591 | -H-- | M] () -- C:\Program Files\DEC2006_XACT_x86.cab
    [2009-03-16 14:35:34 | 000,094,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
    [2009-03-16 14:36:16 | 001,691,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
    [2009-03-16 14:36:12 | 000,044,444 | -H-- | M] () -- C:\Program Files\dxdllreg_x86.cab
    [2009-03-16 14:36:48 | 013,264,160 | -H-- | M] () -- C:\Program Files\dxnt.cab
    [2009-03-16 14:35:46 | 000,525,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
    [2009-03-16 14:36:18 | 000,095,296 | -H-- | M] () -- C:\Program Files\dxupdate.cab
    [2009-03-16 14:36:38 | 001,247,499 | -H-- | M] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
    [2009-03-16 14:36:42 | 001,013,217 | -H-- | M] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
    [2009-03-16 14:36:38 | 001,362,788 | -H-- | M] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
    [2009-03-16 14:36:44 | 001,084,712 | -H-- | M] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
    [2009-03-16 14:36:28 | 000,178,351 | -H-- | M] () -- C:\Program Files\Feb2006_XACT_x64.cab
    [2009-03-16 14:36:20 | 000,132,409 | -H-- | M] () -- C:\Program Files\Feb2006_XACT_x86.cab
    [2009-03-16 14:36:26 | 000,194,675 | -H-- | M] () -- C:\Program Files\FEB2007_XACT_x64.cab
    [2009-03-16 14:36:24 | 000,147,975 | -H-- | M] () -- C:\Program Files\FEB2007_XACT_x86.cab
    [2009-03-16 14:36:38 | 001,335,994 | -H-- | M] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
    [2009-03-16 14:36:42 | 001,064,917 | -H-- | M] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
    [2009-03-16 14:36:28 | 000,180,777 | -H-- | M] () -- C:\Program Files\JUN2006_XACT_x64.cab
    [2009-03-16 14:36:20 | 000,133,663 | -H-- | M] () -- C:\Program Files\JUN2006_XACT_x86.cab
    [2009-03-16 14:36:32 | 000,699,036 | -H-- | M] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
    [2009-03-16 14:36:34 | 000,698,472 | -H-- | M] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
    [2009-03-16 14:36:40 | 001,607,766 | -H-- | M] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
    [2009-03-16 14:36:40 | 001,607,286 | -H-- | M] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
    [2009-03-16 14:36:28 | 000,197,122 | -H-- | M] () -- C:\Program Files\JUN2007_XACT_x64.cab
    [2009-03-16 14:36:24 | 000,152,909 | -H-- | M] () -- C:\Program Files\JUN2007_XACT_x86.cab
    [2009-03-16 14:36:38 | 000,867,828 | -H-- | M] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
    [2009-03-16 14:36:36 | 000,849,919 | -H-- | M] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
    [2009-03-16 14:36:46 | 001,792,600 | -H-- | M] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
    [2009-03-16 14:36:38 | 001,463,878 | -H-- | M] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
    [2009-03-16 14:36:14 | 000,055,154 | -H-- | M] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
    [2009-03-16 14:36:12 | 000,021,897 | -H-- | M] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
    [2009-03-16 14:36:20 | 000,121,046 | -H-- | M] () -- C:\Program Files\JUN2008_XACT_x64.cab
    [2009-03-16 14:36:20 | 000,093,120 | -H-- | M] () -- C:\Program Files\JUN2008_XACT_x86.cab
    [2009-03-16 14:36:32 | 000,269,620 | -H-- | M] () -- C:\Program Files\JUN2008_XAudio_x64.cab
    [2009-03-16 14:36:32 | 000,269,016 | -H-- | M] () -- C:\Program Files\JUN2008_XAudio_x86.cab
    [2009-03-16 14:36:34 | 000,844,884 | -H-- | M] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
    [2009-03-16 14:36:34 | 000,818,252 | -H-- | M] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
    [2009-03-16 14:36:46 | 001,769,854 | -H-- | M] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
    [2009-03-16 14:36:38 | 001,443,282 | -H-- | M] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
    [2009-03-16 14:36:14 | 000,055,058 | -H-- | M] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
    [2009-03-16 14:36:12 | 000,021,867 | -H-- | M] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
    [2009-03-16 14:36:20 | 000,122,328 | -H-- | M] () -- C:\Program Files\Mar2008_XACT_x64.cab
    [2009-03-16 14:36:20 | 000,093,726 | -H-- | M] () -- C:\Program Files\Mar2008_XACT_x86.cab
    [2009-03-16 14:36:30 | 000,251,194 | -H-- | M] () -- C:\Program Files\Mar2008_XAudio_x64.cab
    [2009-03-16 14:36:30 | 000,226,242 | -H-- | M] () -- C:\Program Files\Mar2008_XAudio_x86.cab
    [2009-03-16 14:36:42 | 001,067,160 | -H-- | M] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
    [2009-03-16 14:36:42 | 001,040,745 | -H-- | M] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
    [2009-03-16 14:36:48 | 001,973,694 | -H-- | M] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
    [2009-03-16 14:36:38 | 001,612,446 | -H-- | M] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
    [2009-03-16 14:36:12 | 000,054,592 | -H-- | M] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
    [2009-03-16 14:36:10 | 000,021,298 | -H-- | M] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
    [2009-03-16 14:36:20 | 000,121,498 | -H-- | M] () -- C:\Program Files\Mar2009_XACT_x64.cab
    [2009-03-16 14:36:16 | 000,092,732 | -H-- | M] () -- C:\Program Files\Mar2009_XACT_x86.cab
    [2009-03-16 14:36:30 | 000,275,036 | -H-- | M] () -- C:\Program Files\Mar2009_XAudio_x64.cab
    [2009-03-16 14:36:30 | 000,273,010 | -H-- | M] () -- C:\Program Files\Mar2009_XAudio_x86.cab
    [2009-03-16 14:36:36 | 000,864,592 | -H-- | M] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
    [2009-03-16 14:36:34 | 000,803,884 | -H-- | M] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
    [2009-03-16 14:36:46 | 001,802,050 | -H-- | M] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
    [2009-03-16 14:36:44 | 001,709,352 | -H-- | M] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
    [2009-03-16 14:36:12 | 000,046,144 | -H-- | M] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
    [2009-03-16 14:36:12 | 000,018,488 | -H-- | M] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
    [2009-03-16 14:36:28 | 000,196,754 | -H-- | M] () -- C:\Program Files\NOV2007_XACT_x64.cab
    [2009-03-16 14:36:22 | 000,148,264 | -H-- | M] () -- C:\Program Files\NOV2007_XACT_x86.cab
    [2009-03-16 14:36:42 | 000,994,146 | -H-- | M] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
    [2009-03-16 14:36:38 | 000,965,413 | -H-- | M] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
    [2009-03-16 14:36:48 | 001,906,870 | -H-- | M] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
    [2009-03-16 14:36:38 | 001,550,796 | -H-- | M] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
    [2009-03-16 14:36:12 | 000,055,110 | -H-- | M] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
    [2009-03-16 14:36:12 | 000,021,836 | -H-- | M] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
    [2009-03-16 14:36:20 | 000,121,746 | -H-- | M] () -- C:\Program Files\Nov2008_XACT_x64.cab
    [2009-03-16 14:36:18 | 000,092,688 | -H-- | M] () -- C:\Program Files\Nov2008_XACT_x86.cab
    [2009-03-16 14:36:34 | 000,273,990 | -H-- | M] () -- C:\Program Files\Nov2008_XAudio_x64.cab
    [2009-03-16 14:36:32 | 000,273,203 | -H-- | M] () -- C:\Program Files\Nov2008_XAudio_x86.cab
    [2009-03-16 14:36:16 | 000,086,029 | -H-- | M] () -- C:\Program Files\Oct2005_xinput_x64.cab
    [2009-03-16 14:36:12 | 000,045,359 | -H-- | M] () -- C:\Program Files\Oct2005_xinput_x86.cab
    [2009-03-16 14:36:38 | 001,412,894 | -H-- | M] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
    [2009-03-16 14:36:42 | 001,127,209 | -H-- | M] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
    [2009-03-16 14:36:28 | 000,182,361 | -H-- | M] () -- C:\Program Files\OCT2006_XACT_x64.cab
    [2009-03-16 14:36:22 | 000,138,017 | -H-- | M] () -- C:\Program Files\OCT2006_XACT_x86.cab

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Update\*.* >

    < %PROGRAMFILES%\*. >
    [2009-12-12 14:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\1964
    [2009-12-12 14:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
    [2010-04-13 18:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Shared Effects
    [2009-12-18 12:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Activision Value
    [2009-10-30 12:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009-03-25 15:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
    [2009-04-11 12:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
    [2003-07-21 01:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
    [2009-03-25 22:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2010-07-27 15:29:33 | 000,000,000 | ---D | M] -- C:\Program Files\Artweaver 1.0
    [2003-07-27 19:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
    [2010-01-15 17:19:35 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
    [2003-07-26 07:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
    [2009-06-10 23:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
    [2010-07-18 09:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2010-07-01 18:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\Carambis
    [2010-06-15 08:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\City of Heroes
    [2010-08-09 16:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2003-07-21 01:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2009-03-25 15:06:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2009-03-25 15:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2009-08-06 09:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\DebugMode
    [2010-06-15 11:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\Disk Space Visualizer
    [2009-03-25 21:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
    [2009-12-26 15:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.73
    [2009-08-01 17:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab 6
    [2009-08-01 17:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab Platinum 4
    [2009-03-26 10:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
    [2010-04-15 23:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\E.M. Youtube Video Download Tool
    [2003-07-26 07:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\eRightSoft
    [2009-03-26 10:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
    [2010-04-12 20:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
    [2009-12-03 11:48:23 | 000,000,000 | ---D | M] -- C:\Program Files\FLVPlayer4Free
    [2010-04-17 12:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\Free Fire Screensaver
    [2010-01-13 18:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\GamersFirst
    [2010-04-15 23:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
    [2003-07-21 01:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2009-12-10 00:38:22 | 000,000,000 | ---D | M] -- C:\Program Files\GStudio7
    [2009-05-17 11:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\ImTOO
    [2010-06-15 10:45:21 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010-08-08 15:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010-07-18 09:08:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2009-06-30 11:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
    [2010-07-18 09:09:20 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2009-12-15 18:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2009-03-25 16:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
    [2003-07-24 22:37:04 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
    [2009-07-25 15:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\LightWave [8]
    [2009-06-30 10:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
    [2010-07-06 11:44:26 | 000,000,000 | ---D | M] -- C:\Program Files\Magelo
    [2009-12-18 11:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\MAGIX
    [2010-08-08 18:29:33 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-04-15 23:18:47 | 000,000,000 | ---D | M] -- C:\Program Files\MathType
    [2010-08-09 11:32:59 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2009-03-25 14:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2009-03-25 22:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2003-07-21 01:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2003-08-11 05:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2009-06-10 11:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2010-07-28 14:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Help Viewer
    [2009-03-25 22:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010-07-28 14:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
    [2010-03-15 14:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2010-07-28 14:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
    [2010-07-28 14:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010-07-28 14:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2010-07-28 14:17:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2010-07-28 13:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010-03-10 04:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010-08-08 18:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2009-08-08 03:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2003-07-21 01:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
    [2003-07-21 01:01:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2009-04-02 08:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2003-07-21 01:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2010-07-28 13:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
    [2003-07-21 01:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2010-07-28 13:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
    [2009-03-25 16:53:18 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
    [2010-06-11 03:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2003-08-11 07:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
    [2009-10-30 12:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
    [2009-12-18 11:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
    [2009-08-06 09:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Motion
    [2010-04-15 23:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2009-03-25 21:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Real
    [2009-08-08 03:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2009-03-29 16:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
    [2009-05-17 11:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\RMVB Converter
    [2009-03-29 16:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2009-12-18 12:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\rpg2003
    [2010-01-15 15:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra
    [2009-08-06 09:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Foundry
    [2009-10-07 22:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
    [2010-07-03 17:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\System Spec Analyser
    [2010-07-17 11:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
    [2010-07-28 21:10:34 | 000,000,000 | ---D | M] -- C:\Program Files\Torque
    [2009-08-06 09:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
    [2010-04-15 22:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
    [2010-01-15 18:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
    [2003-07-21 01:10:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2003-07-24 22:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\V CAST Music with Rhapsody
    [2009-07-08 20:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Watchtower
    [2003-07-29 21:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinAVI MP4 Converter
    [2009-06-11 03:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
    [2009-03-25 14:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2009-03-25 14:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2003-07-21 01:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2003-07-21 01:03:21 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2009-03-25 21:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2010-02-16 10:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\Wizards of the Coast
    [2010-07-28 08:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
    [2003-07-21 01:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2003-07-26 00:12:17 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


    < MD5 for: WINLOGON.EXE >
    [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=314B7A22B03FA4ED61625A95BB1D5D0A -- C:\WINDOWS\system32\winlogon.exe

    < MD5 for: WINLOGON.EXE.20090408-201805-00.HDMP >
    [2009-04-08 15:18:21 | 014,323,422 | ---- | M] () MD5=36F1B7A60D47D6DC39C10E560AE6BA2E -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20090408-201805-00.hdmp

    < MD5 for: WINLOGON.EXE.20090408-201805-00.MDMP >
    [2009-04-08 15:18:11 | 000,097,125 | ---- | M] () MD5=091258837473F193B238FEA847AE31E2 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20090408-201805-00.mdmp

    < MD5 for: WINLOGON.EXE.20100808-225430-00.HDMP >
    [2010-08-08 17:54:36 | 006,813,879 | ---- | M] () MD5=6A7F7BAB7BB11EB3F9D8D0AB92FC7C1C -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20100808-225430-00.hdmp

    < MD5 for: WINLOGON.EXE.20100808-225430-00.MDMP >
    [2010-08-08 17:54:32 | 000,066,414 | ---- | M] () MD5=CEE323DBD448E02F1BE09B4C8F3B7395 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20100808-225430-00.mdmp

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "AutoInstallMinorUpdates" = 1

    < set /c >
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    asl.log=Destination=file;OnFirstLog=command,environment
    CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=OWNER_PC
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\OWNER_PC
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Adobe\AGL
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SESSIONNAME=Console
    sfxcmd="C:\Documents and Settings\Owner\Desktop\ComboFix.exe" "C:\Documents and Settings\Owner\Desktop\CFScript.txt"
    sfxname=C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=OWNER_PC
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS

    < %PROGRAMFILES%|bak;true;false;false /fp >
    [2009-03-25 21:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\LightWave [8]\Content\Classic Content\Images\MeniThings\Bots\BakedImages_Lorez

    < %systemroot%\system32|bak;true;false;false /fp >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A9EADC
    < End of report >

    This is the Extras.Txt File:

    OTL Extras logfile created on: 2010-08-09 17:53:37 - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.34 Gb Total Space | 28.40 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 149.05 Gb Total Space | 87.66 Gb Free Space | 58.82% Space Free | Partition Type: NTFS

    Computer Name: OWNER_PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "58879:TCP" = 58879:TCP:*:Enabled:pando Media Booster
    "58879:UDP" = 58879:UDP:*:Enabled:pando Media Booster
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "58879:TCP" = 58879:TCP:*:Enabled:pando Media Booster
    "58879:UDP" = 58879:UDP:*:Enabled:pando Media Booster
    "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
    "1120:TCP" = 1120:TCP:*:Enabled:Blizzard Downloader
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:World of Warcraft - Repair -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe" = C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe:*:Enabled:World of Warcraft - Uninstall -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
    "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
    "{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
    "{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
    "{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
    "{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
    "7-Zip" = 7-Zip 4.65
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Ask Toolbar_is1" = Ask Toolbar
    "AVG9Uninstall" = AVG Free 9.0
    "BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
    "COH" = City of Villains/City of Heroes (remove only)
    "DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
    "ffdshow" = ffdshow
    "Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition
    "FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
    "Free Fire Screensaver" = Free Fire Screensaver
    "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
    "ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
    "IrfanView" = IrfanView (remove only)
    "Magelo Sync" = Magelo Sync (uninstall only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "RealPlayer 6.0" = RealPlayer
    "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
    "SystemRequirementsLab" = System Requirements Lab
    "Torque Game Builder 1.7.5" = Torque Game Builder 1.7.5 (remove only)
    "Uninstall_is1" = Uninstall 1.0.0.1
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Zero Assumption Disk Space Visualizer_is1" = Zero Assumption Disk Space Visualizer 1.2

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2010-08-09 17:29:06 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP4602> in the hash map cannot be updated.
    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:29:06 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP4601> in the hash map cannot be updated.
    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:29:26 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP5001> in the hash map cannot be updated.
    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:32:31 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TOOLB-00> in the hash map cannot be updated.
    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:32:32 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP02> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:32:32 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP02> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:32:32 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP03> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:32:32 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP02> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:32:32 | Computer Name = OWNER_PC | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP03> in the hash map cannot be updated. Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 2010-08-09 17:40:49 | Computer Name = OWNER_PC | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 2010-07-29 17:04:45 | Computer Name = OWNER_PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 2010-08-08 19:26:24 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2010-08-09 12:36:06 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2010-08-09 12:40:37 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2010-08-09 12:41:11 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2010-08-09 12:43:54 | Computer Name = OWNER_PC | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_NPF\0000 disappeared from the system without
    first being prepared for removal.

    Error - 2010-08-09 12:46:28 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 2010-08-09 17:24:19 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2010-08-09 17:27:12 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 2010-08-09 17:27:49 | Computer Name = OWNER_PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >
     
  10. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
      IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: () - {A4F43FBC-F9F9-45B7-B009-192EF77E33FA} - C:\WINDOWS\System32\tzcoapu.dll File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2009-04-10 00:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\zojzlpyk
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Check the following options: Remove found threats and Scan unwanted applications.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  11. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    Here is the log from MBAM:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4412
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    2010-08-10 08:23:29
    mbam-log-2010-08-10 (08-23-29).txt
    Scan type: Quick scan
    Objects scanned: 152941
    Time elapsed: 6 minute(s), 54 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    Here are the results from Kaspersky:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, August 10, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, August 10, 2010 08:52:02
    Records in database: 4131149
    --------------------------------------------------------------------------------
    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes
    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    X:\
    Scan statistics:
    Objects scanned: 95292
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:41:12
    No threats found. Scanned area is clean.
    Selected area has been scanned.

    Here is the ESET log:

    [email protected] as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=0cdd208ac6d97d40a71df458cd813346
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-10 09:36:08
    # local_time=2010-08-10 04:36:08 (-0600, Central Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 41080565 41080565 0 0
    # compatibility_mode=1024 16777191 100 0 17796006 17796006 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=96881
    # found=0
    # cleaned=0
    # scan_time=3388
     
  12. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • C:\WINDOWS\system32\winlogon.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
     
  13. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    VirSCAN.org Scanned Report :
    Scanned time : 2010/08/10 16:58:42 (CDT)
    Scanner results: 19% Scanner(s) (7/36) found malware!
    File Name : winlogon.exe
    File Size : 507904 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 314b7a22b03fa4ed61625a95bb1d5d0a
    SHA1 : e71a140366724092014bd2566f50b93f85e89eb6
    Online report : http://virscan.org/report/417438d78ef967cca984745ae735b36d.html
    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.0.0.18 20100811050659 2010-08-11 0.43 -
    AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 1.42 -
    AntiVir 8.2.4.34 7.10.10.144 2010-08-10 0.27 TR/Spy.507904.8
    Antiy 2.0.18 20100810.4923669 2010-08-10 0.02 -
    Arcavir 2009 201006281601 2010-06-28 0.00 -
    Authentium 5.1.1 201008101319 2010-08-10 1.29 -
    AVAST! 4.7.4 100810-1 2010-08-10 0.03 -
    AVG 8.5.793 271.1.1/3063 2010-08-11 0.25 -
    BitDefender 7.90123.6146252 7.33289 2010-08-11 4.36 Gen:[email protected]
    ClamAV 0.96.1 11525 2010-08-10 0.11 -
    Comodo 4.0 5707 2010-08-10 1.16 -
    CP Secure 1.3.0.5 2010.08.11 2010-08-11 0.09 -
    Dr.Web 5.0.2.3300 2010.08.10 2010-08-10 8.95 Trojan.Starter.1510
    F-Prot 4.4.4.56 20100810 2010-08-10 1.28 -
    F-Secure 7.02.73807 2010.08.10.07 2010-08-10 10.66 -
    Fortinet 4.1.143 12.232 2010-08-10 0.19 -
    GData 21.652/21.248 20100810 2010-08-10 7.32 -
    ViRobot 20100810 2010.08.10 2010-08-10 0.38 Win32.Patched.AF
    Ikarus T3. 2010.08.10.76465 2010-08-10 4.98 -
    JiangMin 13.0.900 2010.08.10 2010-08-10 1.32 -
    Kaspersky 5.5.10 2010.08.10 2010-08-10 0.14 -
    KingSoft 2009.2.5.15 2010.8.10.18 2010-08-10 0.70 -
    McAfee 5400.1158 6070 2010-08-10 17.44 -
    Microsoft 1.6004 2010.08.10 2010-08-10 5.84 -
    Norman 6.05.11 6.05.00 2010-08-10 8.01 -
    Panda 9.05.01 2010.08.08 2010-08-08 2.79 -
    Trend Micro 9.120-1004 7.374.15 2010-08-10 0.03 -
    Quick Heal 11.00 2010.08.10 2010-08-10 2.25 -
    Rising 20.0 22.60.01.04 2010-08-10 0.83 Trojan.Win32.Generic.5222CCBB
    Sophos 3.10.0 4.56 2010-08-11 3.86 Troj/Patched-O
    Sunbelt 3.9.2432.2 6710 2010-08-09 9.50 Trojan.Win32.Generic!BT
    Symantec 1.3.0.24 20100810.002 2010-08-10 0.06 -
    nProtect 20100808.01 8813262 2010-08-08 8.49 -
    The Hacker 6.5.2.1 v00341 2010-08-09 0.36 -
    VBA32 3.12.14.0 20100810.0802 2010-08-10 3.05 -
    VirusBuster 4.5.11.10 10.127.50/2027477 2010-08-10 2.64 -
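    The report above is the kind of evidence a responder weighs before deciding that a core Windows file has been modified: a minority of engines flag it, but two of the verdicts explicitly name a patched binary. As an added example that is not part of the thread, the Python below parses a VirSCAN report of this shape, extracts the file hashes and the engine hits, and separates out verdicts that name a patched file; the embedded sample is an abridged copy of the posted report, and the hash check is an assumption about how one would confirm whether a file on disk is still the same sample.

    ```python
    """Summarise a VirSCAN.org multi-engine report (added example, not from the thread).
    Lists the engines that flagged the file and whether any verdict names a *patched*
    legitimate binary, the signal that the file itself needs replacing from install media."""
    import hashlib
    import re

    # Abridged copy of the posted report, embedded here as sample input.
    SAMPLE_REPORT = """\
    Scanner results: 19% Scanner(s) (7/36) found malware!
    File Name : winlogon.exe
    MD5 : 314b7a22b03fa4ed61625a95bb1d5d0a
    SHA1 : e71a140366724092014bd2566f50b93f85e89eb6
    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 1.42 -
    AntiVir 8.2.4.34 7.10.10.144 2010-08-10 0.27 TR/Spy.507904.8
    Dr.Web 5.0.2.3300 2010.08.10 2010-08-10 8.95 Trojan.Starter.1510
    ViRobot 20100810 2010.08.10 2010-08-10 0.38 Win32.Patched.AF
    Sophos 3.10.0 4.56 2010-08-11 3.86 Troj/Patched-O
    """

    # Engine rows end with <sig date> <seconds> <verdict or "-">; engine names may
    # contain spaces and one version column is sometimes missing, hence {1,2}.
    ROW = re.compile(r"^(?P<engine>.+?)\s+(?:\S+\s+){1,2}\d{4}-\d{2}-\d{2}\s+[\d.]+\s+(?P<verdict>\S+)$")
    FIELD = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(\S+)")
    RATIO = re.compile(r"\((\d+)/(\d+)\) found malware")


    def parse_report(text):
        """Return file metadata, the flagged/total engine counts and (engine, verdict) hits."""
        report = {"hits": []}
        for line in text.splitlines():
            line = line.strip()
            if m := FIELD.match(line):
                report[m.group(1).lower().replace(" ", "_")] = m.group(2)
            elif m := RATIO.search(line):
                report["flagged"], report["engines"] = int(m.group(1)), int(m.group(2))
            elif (m := ROW.match(line)) and m.group("verdict") != "-":
                report["hits"].append((m.group("engine"), m.group("verdict")))
        return report


    def patched_verdicts(report):
        """Hits whose family name says the file is a patched legitimate binary."""
        return [(e, v) for e, v in report["hits"] if "patched" in v.lower()]


    def matches_report(data, report):
        """True if these bytes are the exact sample VirSCAN analysed (both hashes agree)."""
        return (hashlib.md5(data).hexdigest() == report["md5"]
                and hashlib.sha1(data).hexdigest() == report["sha1"])
    ```

    Running `matches_report` over the bytes of a replaced system file after a repair tells you whether the file on disk is still the sample the report describes.
    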
     
  14. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Got your Windows CD?
     
  15. rrod93

    rrod93 Thread Starter

    Joined:
    Aug 8, 2010
    Messages:
    11
    I have a copy
     
Short URL to this thread: https://techguy.org/941704
