
Need help with an annoying rootkit problem



First of all, my English is not perfect so if I do make any mistakes, I sincerely apologize.

Well, here's my problem. I currently have this annoying rootkit that kind of messes up the performance of my computer. Frankly, I'm quite annoyed by it, mainly because I can't play games, watch videos, or surf the internet without constant lag/stuttering/hiccups.

It can't seem to be detected with AVG or Malwarebytes. The only program that seems to detect malicious activity is ComboFix, but even that doesn't seem to fix the rootkit problem after it restarted and scanned my computer.

I'm

Also, I noticed the "System" process in my task manager seems to be eating 104,068k of memory (the number doesn't seem to move). Could that be the problem?

Any help would be very much appreciated. :P

Here's my HijackThis log if it's of any help.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:22:33 PM, on 8/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 6856 bytes

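A small triage script for HijackThis v2 log entries, added here as an example (it is not part of this thread and not Trend Micro's code): it parses the O2, O4, O20 and O23 lines and flags the ones a log reviewer reads first, namely files reported missing, services with no publisher information, and autostart binaries outside the Windows and Program Files trees. The sample lines are copied from the log above, except the last, which is constructed so the location check has something to flag; the trusted-directory list and the path regex are assumptions of this example.

```python
"""Triage helper for HijackThis v2 log entries (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: installed software on this XP box lives under one of these trees.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# A drive-rooted path up to its binary extension, so an unquoted
# "C:\Program Files\...\IDMan.exe /onboot" yields only the binary.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx))', re.IGNORECASE)

# Sample log: lines copied from the HijackThis log posted above, plus one
# CONSTRUCTED O4 line (the last one) pointing into a Temp folder so the
# location check has something to report.
SAMPLE_LOG = r"""O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O4 - HKCU\..\Run: [example_constructed] C:\Documents and Settings\user\Local Settings\Temp\example.exe
"""


@dataclass
class Entry:
    section: str            # O2 (BHO), O4 (Run key), O20 (Winlogon Notify) or O23 (Service)
    name: str               # BHO name, Run value name, Notify key or service display name
    path: str               # file as listed in the log, "" if none could be read
    publisher: str = ""     # O23 only; HijackThis prints "Unknown owner" when it has none
    missing: bool = False   # HijackThis appended "(file missing)"
    flags: List[str] = field(default_factory=list)


def _first_path(text: str) -> str:
    m = PATH_RE.search(text)
    return m.group(1) if m else ""


def _strip_marker(text: str) -> str:
    return text.replace("(file missing)", "").strip()


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for sections this helper skips."""
    line = line.strip()
    missing = "(file missing)" in line
    if line.startswith("O2 - BHO: "):
        # O2 - BHO: <name> - {CLSID} - <path>
        parts = line[len("O2 - BHO: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry("O2", parts[0].strip(), _strip_marker(parts[2]), missing=missing)
    elif line.startswith("O4 - "):
        # O4 - <hive>\..\Run: [<value name>] <command line>
        m = re.match(r"O4 - .*?\\Run: \[(.+?)\] (.*)", line)
        if m:
            return Entry("O4", m.group(1), _first_path(m.group(2)), missing=missing)
    elif line.startswith("O20 - Winlogon Notify: "):
        # O20 - Winlogon Notify: <key> - <dll> [(file missing)]
        parts = line[len("O20 - Winlogon Notify: "):].split(" - ", 1)
        if len(parts) == 2:
            return Entry("O20", parts[0].strip(), _strip_marker(parts[1]), missing=missing)
    elif line.startswith("O23 - Service: "):
        # O23 - Service: <display name> - <publisher> - <path> [(file missing)]
        parts = line[len("O23 - Service: "):].split(" - ", 2)
        if len(parts) == 3:
            return Entry("O23", parts[0].strip(), _strip_marker(parts[2]),
                         publisher=parts[1].strip(), missing=missing)
    return None


def flag(entry: Entry) -> Entry:
    """Attach review flags. A flag means "read this one first", not "malicious"."""
    if entry.missing:
        entry.flags.append("file missing")
    if entry.section == "O23" and entry.publisher == "Unknown owner":
        entry.flags.append("no publisher information")
    # Only drive-rooted paths can be placed; O20 lists a bare DLL name.
    if ":" in entry.path and not entry.path.lower().startswith(TRUSTED_DIRS):
        entry.flags.append("outside Windows/Program Files")
    return entry


def parse_hjt_log(log_text: str) -> List[Entry]:
    return [e for e in (parse_hjt_line(l) for l in log_text.splitlines()) if e]


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one review flag."""
    return [e for e in map(flag, parse_hjt_log(log_text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<22}{'; '.join(e.flags)}  [{e.path or '-'}]")
```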

Hello ,

And :P My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hi, Elise!

Thanks for taking the time to help me try to solve my problem. I won't be adding any new information since I've already made it clear in my first post.

Well, here are the logs you requested. :)

OTL.txt LOG

----------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 8/30/2010 10:52:02 AM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\daniel2\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

3.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.51 Gb Total Space | 4.78 Gb Free Space | 25.82% Space Free | Partition Type: NTFS

Drive D: | 3.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ASDF099

Current User Name: daniel2

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/30 10:48:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel2\Desktop\OTL.exe

PRC - [2010/08/09 23:26:56 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/08/09 23:26:56 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/08/09 23:26:53 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/08/09 23:26:24 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/08/09 23:25:48 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/08/09 23:25:47 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe

PRC - [2010/08/09 23:25:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/08/09 23:25:25 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe

PRC - [2010/08/07 21:34:57 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/04/07 13:30:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2010/04/07 13:19:51 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/02/02 15:00:37 | 002,610,608 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe

PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2006/05/25 04:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/08/30 10:48:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel2\Desktop\OTL.exe

MOD - [2007/01/15 22:18:31 | 000,034,488 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll

MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2010/08/09 23:25:47 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/08/09 23:25:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/04/07 13:30:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2006/05/25 04:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal2.sys -- (rootrepeal2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RKHit.sys -- (RkHit)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\1A1.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\daniel2\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/08/09 23:29:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/08/09 23:29:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/08/09 23:29:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)

DRV - [2010/02/07 19:10:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009/10/07 11:03:13 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/10/07 11:03:11 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/05/16 13:58:45 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009/02/26 03:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)

DRV - [2008/07/07 17:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2008/07/03 05:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2007/07/19 23:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)

DRV - [2007/07/19 10:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)

DRV - [2007/07/19 10:44:22 | 000,022,296 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2007/07/19 10:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/07/19 10:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2007/07/18 16:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)

DRV - [2006/11/10 23:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SysTool.sys -- (SysTool)

DRV - [2006/06/19 19:05:34 | 000,081,792 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006/06/01 11:08:16 | 000,185,116 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)

DRV - [2006/05/16 19:32:58 | 004,275,712 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/11/01 07:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)

DRV - [2005/01/08 11:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/12/01 04:51:00 | 000,084,636 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksifdh.sys -- (AKSIFDH)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1788223648-725345543-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-299502267-1788223648-725345543-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.7

FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/09 23:25:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/10 05:12:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 15:06:10 | 000,000,000 | ---D | M]

[2010/08/09 15:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel2\Application Data\Mozilla\Extensions

[2010/08/10 04:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel2\Application Data\Mozilla\Firefox\Profiles\6ig2b3ov.default\extensions

[2010/08/09 23:03:19 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\Mozilla\Firefox\Profiles\6ig2b3ov.default\searchplugins\askcom.xml

[2010/08/30 00:02:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/24 01:56:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()

O4 - HKU\S-1-5-21-299502267-1788223648-725345543-1010..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-299502267-1788223648-725345543-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-299502267-1788223648-725345543-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-299502267-1788223648-725345543-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-299502267-1788223648-725345543-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Documents and Settings\daniel2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\daniel2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/12/14 18:09:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 10:47:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daniel2\Desktop\OTL.exe

[2010/08/26 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/08/24 04:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\My Documents\BFBC2

[2010/08/24 03:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Desktop\ElectronicArts

[2010/08/24 03:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Desktop\Crows Zero 2

[2010/08/24 02:53:48 | 000,000,000 | ---D | C] -- C:\ElectronicArts

[2010/08/24 02:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\My Documents\Green Street Hooligans

[2010/08/24 01:23:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/08/24 01:23:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/08/24 01:07:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daniel2\Recent

[2010/08/23 02:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Local Settings\Application Data\ATI

[2010/08/23 02:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\ATI

[2010/08/18 17:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Local Settings\Application Data\Identities

[2010/08/17 22:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\My Documents\AdobeStockPhotos

[2010/08/15 00:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpyDig

[2010/08/12 00:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\dvdcss

[2010/08/10 06:34:14 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys

[2010/08/10 05:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/08/10 05:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\WinRAR

[2010/08/10 05:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\Malwarebytes

[2010/08/10 05:25:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/08/10 05:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/10 05:25:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/08/10 05:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/10 04:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\vlc

[2010/08/10 00:57:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\daniel2\My Documents\My Videos

[2010/08/09 23:38:38 | 000,000,000 | ---D | C] -- C:\$AVG

[2010/08/09 23:29:24 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/08/09 23:29:18 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/08/09 23:29:08 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/08/09 23:29:01 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/08/09 23:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2010/08/09 23:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/08/09 22:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\Media Player Classic

[2010/08/09 22:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\BitTorrent

[2010/08/09 20:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\IDM

[2010/08/09 20:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\DMCache

[2010/08/09 19:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\My Documents\My Received Files

[2010/08/09 19:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Tracing

[2010/08/09 16:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\My Documents\Downloads

[2010/08/09 16:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Local Settings\Application Data\Adobe

[2010/08/09 15:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\Macromedia

[2010/08/09 15:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\Adobe

[2010/08/09 15:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Local Settings\Application Data\Mozilla

[2010/08/09 15:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\Mozilla

[2010/08/09 15:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Application Data\Identities

[2010/08/09 15:25:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\daniel2\My Documents\My Pictures

[2010/08/09 15:25:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\daniel2\My Documents\My Music

[2010/08/09 15:25:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\daniel2\Cookies

[2010/08/09 15:23:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\daniel2\Application Data\Microsoft

[2010/08/09 15:23:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daniel2\Application Data

[2010/08/09 15:23:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\daniel2\Favorites

[2010/08/09 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Local Settings\Application Data\Microsoft

[2010/08/09 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel2\Desktop

[2010/08/09 15:23:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daniel2\SendTo

[2010/08/09 15:23:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\daniel2\Start Menu

[2010/08/09 15:23:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\daniel2\My Documents

[2010/08/09 15:23:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\daniel2\Templates

[2010/08/09 15:23:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\daniel2\PrintHood

[2010/08/09 15:23:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\daniel2\NetHood

[2010/08/09 15:23:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\daniel2\Local Settings

[2010/08/08 07:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack

[2010/08/08 07:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2010/08/08 07:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter

[2010/08/06 21:49:02 | 000,000,000 | ---D | C] -- C:\Qoobox

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/30 10:49:20 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\daniel2\NTUSER.DAT

[2010/08/30 10:48:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel2\Desktop\OTL.exe

[2010/08/30 10:18:13 | 000,130,130 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\sig.jpg

[2010/08/30 10:16:50 | 000,130,130 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\asdasdasda.jpg

[2010/08/30 10:00:48 | 000,149,349 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\sdfsdfs.jpg

[2010/08/30 09:38:22 | 000,272,650 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\10 copy.jpg

[2010/08/30 09:35:50 | 000,383,425 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\recgonise me .jpg

[2010/08/30 09:23:39 | 064,063,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/08/30 09:20:03 | 002,330,334 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\10.psd

[2010/08/30 06:11:09 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2010/08/30 04:21:05 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\asdas.jpg

[2010/08/30 03:26:39 | 000,220,947 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Erza_scarlet_kawaii_ass_by_Bankai_no_jutsu.jpg

[2010/08/30 03:09:05 | 000,486,511 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\let__s_begin_aizen_by_bankai_no_jutsu-d2xgxcq.jpg

[2010/08/30 02:27:07 | 000,374,772 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\xpcuvc copy.jpg

[2010/08/30 01:34:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\daniel2\Local Settings\Application Data\prvlcl.dat

[2010/08/30 01:25:30 | 000,398,110 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Ultimate rape face.jpg

[2010/08/30 01:21:06 | 003,225,225 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\xpcuvc.psd

[2010/08/29 21:22:08 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\daniel2\Desktop\HiJackThis.lnk

[2010/08/29 20:25:59 | 000,002,683 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\MsgPlus_Img2683.png

[2010/08/29 12:25:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/29 12:18:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/29 10:20:12 | 000,211,316 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Ulquiorra_Schiffer_by_benderZz.jpg

[2010/08/29 10:12:47 | 000,490,300 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Bleach_girls_by_benderZz.jpg

[2010/08/29 09:58:18 | 000,187,620 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Vaizard_Ichigo_chapter_404_by_benderZz.jpg

[2010/08/29 07:58:54 | 000,055,050 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\2l946l1.jpg

[2010/08/29 06:41:08 | 000,164,101 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Zz.png

[2010/08/29 06:40:06 | 000,226,325 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Untitled-1.png

[2010/08/29 03:06:52 | 000,018,549 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\290px-Hollow_Ichigo.jpg

[2010/08/29 03:00:51 | 000,022,228 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\msign.jpg

[2010/08/28 23:11:29 | 000,108,105 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\obe.jpg

[2010/08/28 22:58:55 | 001,543,725 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch374_09.psd

[2010/08/28 20:58:05 | 000,353,278 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\jkk copy.png

[2010/08/28 20:38:24 | 000,309,548 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\jkk.png

[2010/08/28 16:53:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010/08/28 05:07:04 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/28 05:06:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/28 05:06:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2010/08/28 05:04:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\daniel2\ntuser.ini

[2010/08/28 04:06:23 | 000,117,275 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\dgsds.jpg

[2010/08/28 02:44:49 | 000,284,365 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\53fjv6rf copy.jpg

[2010/08/28 02:31:43 | 000,285,898 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\manliness knows no boundries.jpg

[2010/08/28 01:42:38 | 001,267,383 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\asd6rf.psd

[2010/08/27 22:05:44 | 001,018,659 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\asdasd.png

[2010/08/27 21:50:33 | 001,683,523 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Maya3.png

[2010/08/27 19:16:55 | 000,070,289 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\avatar.jpg

[2010/08/27 18:00:56 | 000,825,283 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_01.psd

[2010/08/27 17:33:13 | 000,329,239 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_01.png

[2010/08/27 16:56:51 | 000,478,172 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_03.psd

[2010/08/27 02:16:51 | 000,287,511 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\vk5edlxe.psd

[2010/08/26 18:17:13 | 000,156,992 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\zoro.jpg

[2010/08/26 18:15:10 | 001,648,116 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\oVgmh.psd

[2010/08/26 06:38:25 | 000,180,581 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\1263416854887.gif

[2010/08/26 06:15:00 | 000,085,021 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\favo03.jpg

[2010/08/26 05:48:03 | 000,435,980 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\xpascuvc.png

[2010/08/26 04:12:21 | 000,174,797 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\oVgmh.jpg

[2010/08/26 04:10:35 | 000,839,213 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\yoona's request.psd

[2010/08/26 00:27:59 | 000,241,622 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch374_09.png

[2010/08/25 22:18:39 | 000,225,631 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\hitsugaya copy copy copy.jpg

[2010/08/25 22:12:13 | 000,845,125 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\San's request.psd

[2010/08/25 17:20:26 | 000,410,387 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\1_bleachichigo020fx.png

[2010/08/25 16:56:18 | 000,038,493 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Dro4200-Aizen2.jpg

[2010/08/25 16:38:44 | 000,451,872 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\bleachichigo15bx.png

[2010/08/25 16:33:09 | 000,371,944 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\shihouinyoruichirender1.png

[2010/08/25 15:41:24 | 000,959,489 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\4126rukia.png

[2010/08/25 01:25:09 | 000,255,249 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_03.png

[2010/08/24 08:10:31 | 000,947,762 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Tifa_Lockhart_by_timecross.jpg

[2010/08/24 06:17:04 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\daniel2\Desktop\BF Bad Company 2 Updater (TPTB).lnk

[2010/08/24 06:17:04 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\daniel2\Desktop\Battlefield Bad Company 2 (TPTB).lnk

[2010/08/24 06:10:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\chrtmp

[2010/08/24 02:15:09 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\daniel2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/24 01:56:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/08/23 10:08:27 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to vlc.lnk

[2010/08/23 04:11:25 | 000,043,508 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\n1295745880_30420001_7018080.jpg

[2010/08/23 00:40:54 | 001,211,548 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\2j4shuu.jpg

[2010/08/22 19:18:16 | 000,032,027 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\2zq6h5f.jpg.png

[2010/08/22 06:29:37 | 000,075,220 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\Gintama.332047.jpg

[2010/08/22 03:55:07 | 000,259,734 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\o8h7ucx20bnkl7610k39.png

[2010/08/21 17:35:15 | 001,713,724 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\IchigoRender.png

[2010/08/19 14:03:40 | 000,398,703 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\01.jpg

[2010/08/18 22:38:56 | 000,015,328 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\hichigosigpic.jpg

[2010/08/15 01:22:54 | 000,084,123 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\wallpaper_final_fantasy_x_09_1600_1024x768.jpg

[2010/08/15 00:27:25 | 000,000,021 | ---- | M] () -- C:\WINDOWS\sd

[2010/08/15 00:27:03 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spydig.lnk

[2010/08/15 00:27:03 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\daniel2\Desktop\Spydig.lnk

[2010/08/15 00:12:47 | 000,000,822 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/08/15 00:12:47 | 000,000,293 | RHS- | M] () -- C:\boot.ini

[2010/08/14 23:52:48 | 000,135,681 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\death2fix.png

[2010/08/13 11:54:32 | 004,264,914 | -H-- | M] () -- C:\Documents and Settings\daniel2\Local Settings\Application Data\IconCache.db

[2010/08/11 17:10:44 | 000,029,424 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100811171041.jpg

[2010/08/11 15:06:11 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/08/10 05:25:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/10 01:43:13 | 000,068,818 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100810014306.jpg

[2010/08/09 23:32:30 | 000,059,405 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100809233226.jpg

[2010/08/09 23:29:26 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/08/09 23:29:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2010/08/09 23:29:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/08/09 23:29:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/08/09 23:29:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/08/09 23:29:01 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/08/09 23:27:24 | 000,055,541 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100809232714.jpg

[2010/08/09 22:54:43 | 000,051,497 | ---- | M] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100809225437.jpg

[2010/08/09 22:39:52 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2010/08/09 22:39:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk

[2010/08/09 16:23:49 | 000,013,304 | ---- | M] () -- C:\Documents and Settings\daniel2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/09 16:14:02 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/08/09 15:25:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/08/08 02:43:41 | 003,816,629 | R--- | M] () -- C:\Documents and Settings\daniel2\My Documents\Combo2Fix.exe

[2010/07/31 16:52:43 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/30 10:18:13 | 000,130,130 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\sig.jpg

[2010/08/30 10:16:48 | 000,130,130 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\asdasdasda.jpg

[2010/08/30 10:00:45 | 000,149,349 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\sdfsdfs.jpg

[2010/08/30 09:35:49 | 000,383,425 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\recgonise me .jpg

[2010/08/30 09:33:13 | 000,272,650 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\10 copy.jpg

[2010/08/30 06:24:21 | 002,330,334 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\10.psd

[2010/08/30 03:13:07 | 000,220,947 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Erza_scarlet_kawaii_ass_by_Bankai_no_jutsu.jpg

[2010/08/30 03:09:03 | 000,486,511 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\let__s_begin_aizen_by_bankai_no_jutsu-d2xgxcq.jpg

[2010/08/30 02:01:00 | 000,374,772 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\xpcuvc copy.jpg

[2010/08/30 01:22:40 | 000,398,110 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Ultimate rape face.jpg

[2010/08/29 22:59:37 | 003,225,225 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\xpcuvc.psd

[2010/08/29 20:25:57 | 000,002,683 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\MsgPlus_Img2683.png

[2010/08/29 10:20:10 | 000,211,316 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Ulquiorra_Schiffer_by_benderZz.jpg

[2010/08/29 10:02:18 | 000,490,300 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Bleach_girls_by_benderZz.jpg

[2010/08/29 09:50:58 | 000,187,620 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Vaizard_Ichigo_chapter_404_by_benderZz.jpg

[2010/08/29 09:46:40 | 000,015,497 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\asdas.jpg

[2010/08/29 07:58:53 | 000,055,050 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\2l946l1.jpg

[2010/08/29 06:41:06 | 000,164,101 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Zz.png

[2010/08/29 06:37:34 | 000,226,325 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Untitled-1.png

[2010/08/29 03:06:50 | 000,018,549 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\290px-Hollow_Ichigo.jpg

[2010/08/29 03:00:47 | 000,022,228 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\msign.jpg

[2010/08/28 23:04:04 | 000,108,105 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\obe.jpg

[2010/08/28 20:58:01 | 000,353,278 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\jkk copy.png

[2010/08/28 20:36:36 | 000,309,548 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\jkk.png

[2010/08/28 18:07:34 | 001,543,725 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch374_09.psd

[2010/08/28 04:06:23 | 000,117,275 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\dgsds.jpg

[2010/08/28 02:44:47 | 000,284,365 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\53fjv6rf copy.jpg

[2010/08/28 02:31:41 | 000,285,898 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\manliness knows no boundries.jpg

[2010/08/28 00:30:28 | 001,267,383 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\asd6rf.psd

[2010/08/27 22:05:40 | 001,018,659 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\asdasd.png

[2010/08/27 21:49:36 | 001,683,523 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Maya3.png

[2010/08/27 19:14:31 | 000,070,289 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\avatar.jpg

[2010/08/27 18:00:53 | 000,825,283 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_01.psd

[2010/08/27 17:33:10 | 000,329,239 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_01.png

[2010/08/27 02:16:50 | 000,287,511 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\vk5edlxe.psd

[2010/08/26 22:20:28 | 000,478,172 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_03.psd

[2010/08/26 19:36:33 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\daniel2\Desktop\HiJackThis.lnk

[2010/08/26 18:14:05 | 000,156,992 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\zoro.jpg

[2010/08/26 06:38:24 | 000,180,581 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\1263416854887.gif

[2010/08/26 06:14:58 | 000,085,021 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\favo03.jpg

[2010/08/26 05:48:02 | 000,435,980 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\xpascuvc.png

[2010/08/26 04:12:26 | 001,648,116 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\oVgmh.psd

[2010/08/26 04:12:19 | 000,174,797 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\oVgmh.jpg

[2010/08/26 00:27:57 | 000,241,622 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch374_09.png

[2010/08/25 22:35:53 | 000,839,213 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\yoona's request.psd

[2010/08/25 22:18:37 | 000,225,631 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\hitsugaya copy copy copy.jpg

[2010/08/25 20:33:20 | 000,845,125 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\San's request.psd

[2010/08/25 17:20:02 | 000,410,387 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\1_bleachichigo020fx.png

[2010/08/25 16:56:16 | 000,038,493 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Dro4200-Aizen2.jpg

[2010/08/25 16:38:42 | 000,451,872 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\bleachichigo15bx.png

[2010/08/25 16:33:07 | 000,371,944 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\shihouinyoruichirender1.png

[2010/08/25 15:41:17 | 000,959,489 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\4126rukia.png

[2010/08/25 01:25:07 | 000,255,249 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\M7_Bleach_Ch377_03.png

[2010/08/24 06:10:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\daniel2\Application Data\chrtmp

[2010/08/24 05:14:38 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\daniel2\Desktop\BF Bad Company 2 Updater (TPTB).lnk

[2010/08/24 05:14:38 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\daniel2\Desktop\Battlefield Bad Company 2 (TPTB).lnk

[2010/08/24 01:23:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/08/23 23:24:05 | 000,947,762 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Tifa_Lockhart_by_timecross.jpg

[2010/08/23 10:08:27 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to vlc.lnk

[2010/08/23 04:11:22 | 000,043,508 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\n1295745880_30420001_7018080.jpg

[2010/08/23 00:40:51 | 001,211,548 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\2j4shuu.jpg

[2010/08/22 19:18:15 | 000,032,027 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\2zq6h5f.jpg.png

[2010/08/22 06:29:35 | 000,075,220 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\Gintama.332047.jpg

[2010/08/22 03:55:06 | 000,259,734 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\o8h7ucx20bnkl7610k39.png

[2010/08/21 17:35:13 | 001,713,724 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\IchigoRender.png

[2010/08/19 14:03:34 | 000,398,703 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\01.jpg

[2010/08/18 22:38:54 | 000,015,328 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\hichigosigpic.jpg

[2010/08/15 01:22:50 | 000,084,123 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\wallpaper_final_fantasy_x_09_1600_1024x768.jpg

[2010/08/15 00:27:25 | 000,000,021 | ---- | C] () -- C:\WINDOWS\sd

[2010/08/15 00:27:03 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spydig.lnk

[2010/08/15 00:27:03 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\daniel2\Desktop\Spydig.lnk

[2010/08/14 23:52:47 | 000,135,681 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\death2fix.png

[2010/08/11 17:10:42 | 000,029,424 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100811171041.jpg

[2010/08/11 14:55:33 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/08/10 05:25:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/10 01:43:09 | 000,068,818 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100810014306.jpg

[2010/08/10 00:30:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\daniel2\Local Settings\Application Data\prvlcl.dat

[2010/08/09 23:32:28 | 000,059,405 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100809233226.jpg

[2010/08/09 23:29:26 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2010/08/09 23:29:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/08/09 23:27:54 | 064,063,911 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/08/09 23:27:22 | 000,055,541 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100809232714.jpg

[2010/08/09 22:54:42 | 000,051,497 | ---- | C] () -- C:\Documents and Settings\daniel2\My Documents\snapshot20100809225437.jpg

[2010/08/09 22:39:52 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2010/08/09 16:14:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/08/09 16:12:51 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\daniel2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/09 15:25:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\daniel2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/08/09 15:23:20 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\daniel2\ntuser.ini

[2010/08/09 15:23:07 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\daniel2\NTUSER.DAT.LOG

[2010/08/09 15:23:06 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\daniel2\NTUSER.DAT

[2010/08/08 07:01:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/08/08 07:01:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax

[2010/08/08 07:01:42 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm

[2010/08/08 02:42:39 | 003,816,629 | R--- | C] () -- C:\Documents and Settings\daniel2\My Documents\Combo2Fix.exe

[2010/07/06 23:36:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/02/07 19:17:56 | 000,093,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/01/05 16:23:41 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/12/04 14:12:16 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/10/17 17:05:43 | 000,000,099 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/09/01 15:46:46 | 000,138,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/08/16 18:21:09 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2009/07/24 17:08:42 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/02/02 06:26:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/02/02 06:26:23 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/01/09 12:12:43 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009/01/08 10:11:52 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll

[2009/01/08 10:11:50 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll

[2009/01/05 16:19:25 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2008/12/17 06:47:10 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/12/15 09:26:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008/12/15 08:59:53 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/12/14 19:55:09 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2008/12/14 18:29:19 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/01/11 01:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll

[2006/11/10 23:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysTool.sys

[2004/08/24 06:34:56 | 000,001,008 | ---- | C] () -- C:\WINDOWS\System32\etpass.ini

[2004/08/04 00:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[1996/04/04 05:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

------------------------------------------------------------------------------------------------------------------------------------------

Extras.txt LOG

OTL Extras logfile created on: 8/30/2010 10:52:02 AM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\daniel2\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

3.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.51 Gb Total Space | 4.78 Gb Free Space | 25.82% Space Free | Partition Type: NTFS

Drive D: | 3.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ASDF099

Current User Name: daniel2

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE File not found

[HKEY_USERS\S-1-5-21-299502267-1788223648-725345543-1010\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome File not found

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome File not found

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"\\JIMMY-PC\PUBLIC\Ubisoft\SCDA\SCDA-Offline\system\SplinterCell4.exe" = \\JIMMY-PC\PUBLIC\Ubisoft\SCDA\SCDA-Offline\system\SplinterCell4.exe:*:Enabled:SplinterCell4.exe

"\\JIMMY-PC\PUBLIC\Ubisoft\Far Cry 2\bin\FarCry2.exe" = \\JIMMY-PC\PUBLIC\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:FarCry2.exe

"C:\Program Files\Zone.com Deluxe Games\Hexic Deluxe\HexicDeluxe.exe" = C:\Program Files\Zone.com Deluxe Games\Hexic Deluxe\HexicDeluxe.exe:*:Enabled:Hexic Deluxe -- (Microsoft Corporation)

"\\JIMMY-PC\PUBLIC\Grid\GRID.exe" = \\JIMMY-PC\PUBLIC\Grid\GRID.exe:*:Enabled:GRID.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"\\JIMMY-PC\Public\PES 2009\pes2009.exe" = \\JIMMY-PC\Public\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009

"\\BONG\SHAREDDOCS\PES 2009\pes2009.exe" = \\BONG\SHAREDDOCS\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009

"C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- (Tonec Inc.)

"\\BONG\SHAREDDOCS\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = \\BONG\SHAREDDOCS\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:GTAIV.exe

"\\BONG\SHAREDDOCS\PC Games\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe" = \\BONG\SHAREDDOCS\PC Games\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game.exe

"\\JIMMY-PC\PUBLIC\PC Games\Ubisoft\Far Cry 2\bin\FarCry2.exe" = \\JIMMY-PC\PUBLIC\PC Games\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:FarCry2.exe

"\\JIMMY-PC\PUBLIC\PC Games\TimeShift\bin\TimeShift.exe" = \\JIMMY-PC\PUBLIC\PC Games\TimeShift\bin\TimeShift.exe:*:Enabled:TimeShift.exe

"\\JIMMY-PC\PUBLIC\PC Games\Crysis\Bin32\Crysis.exe" = \\JIMMY-PC\PUBLIC\PC Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis.exe

"\\JIMMY-PC\PUBLIC\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = \\JIMMY-PC\PUBLIC\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII.exe

"C:\Program Files\iPhoneBrowser\iPhoneBrowser.exe" = C:\Program Files\iPhoneBrowser\iPhoneBrowser.exe:*:Enabled:iPhoneBrowser -- (Cranium Consulting and Custom Software)

"\\JIMMY-PC\USERS\Public\wormsarm\WA.exe" = \\JIMMY-PC\USERS\Public\wormsarm\WA.exe:*:Enabled:WA.exe

"\\JIMMY-PC\PUBLIC\PC Games\Grid\GRID.exe" = \\JIMMY-PC\PUBLIC\PC Games\Grid\GRID.exe:*:Enabled:GRID.exe

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)

"\\JIMMY-PC\PUBLIC\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = \\JIMMY-PC\PUBLIC\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:GTAIV.exe

"\\JIMMY-PC\PUBLIC\Mass Effect 2\Binaries\MassEffect2.exe" = \\JIMMY-PC\PUBLIC\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:MassEffect2.exe

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"\\JIMMY-PC\PUBLIC\PC Games\PES 2009\pes2009.exe" = \\JIMMY-PC\PUBLIC\PC Games\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation

"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English

"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer


I don't see evidence of a rootkit here; I think Combofix detected CD emulating software and reported that as rootkit. The RKU log confirms this.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Thanks, but I do believe I have some kind of malware/trojan or virus that is ridiculously good at hiding itself.

I still get the message "presence of a rootkit detected" even after I disabled it using DeFogger. Not to mention, I don't have any kind of CD emulation drives currently activated. I removed Daemon Tools a while ago. The only other program that has the ability to create virtual drives is PowerISO, which I don't usually create virtual drives with.

Here's the combofix log. :)

ComboFix 10-08-28.02 - daniel2 08/30/2010 20:00:58.11.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1571 [GMT 10:00]

Running from: c:\documents and settings\daniel2\Desktop\ComboF31.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\daniel2\Application Data\chrtmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_RkHit

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))

.

2010-08-26 09:36 . 2010-08-26 09:36 388096 ----a-r- c:\documents and settings\daniel2\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-22 16:35 . 2010-08-22 16:35 -------- d-----w- c:\documents and settings\daniel2\Application Data\ATI

2010-08-11 14:43 . 2010-08-19 16:11 -------- d-----w- c:\documents and settings\daniel2\Application Data\dvdcss

2010-08-09 19:25 . 2010-08-09 19:25 -------- d-----w- c:\documents and settings\daniel2\Application Data\Malwarebytes

2010-08-09 19:25 . 2010-08-09 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-09 18:05 . 2010-08-09 18:11 -------- d-----w- c:\documents and settings\daniel2\Application Data\vlc

2010-08-09 13:23 . 2010-08-09 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-09 12:48 . 2010-08-09 12:48 -------- d-----w- c:\documents and settings\daniel2\Application Data\Media Player Classic

2010-08-09 12:39 . 2010-08-30 07:03 -------- d-----w- c:\documents and settings\daniel2\Application Data\BitTorrent

2010-08-09 10:52 . 2010-08-09 10:52 120240 ----a-w- c:\documents and settings\daniel2\Application Data\IDM\idmmzcc2\components\idmmzcc.dll

2010-08-09 10:52 . 2010-08-30 09:35 -------- d-----w- c:\documents and settings\daniel2\Application Data\IDM

2010-08-09 10:52 . 2010-08-30 10:23 -------- d-----w- c:\documents and settings\daniel2\Application Data\DMCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-30 10:16 . 2009-01-09 02:52 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs

2010-08-30 09:54 . 2008-12-14 08:44 -------- d-----w- c:\program files\BitTorrent

2010-08-30 09:34 . 2010-08-09 14:30 0 ----a-w- c:\documents and settings\daniel2\Local Settings\Application Data\prvlcl.dat

2010-08-28 09:02 . 2009-05-18 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-08-26 09:36 . 2010-08-26 09:36 -------- d-----w- c:\program files\Trend Micro

2010-08-14 15:07 . 2010-08-14 14:26 -------- d-----w- c:\program files\SpyDig

2010-08-11 05:03 . 2008-12-18 22:11 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-09 19:43 . 2010-08-09 19:43 -------- d-----w- c:\program files\Sophos

2010-08-09 19:25 . 2010-08-09 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-09 13:29 . 2010-08-09 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-09 13:29 . 2010-08-09 13:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-09 13:29 . 2010-08-09 13:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-09 13:29 . 2010-08-09 13:29 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-08-09 13:23 . 2009-07-01 08:37 -------- d-----w- c:\program files\AVG

2010-08-09 06:23 . 2010-08-09 06:23 13304 ----a-w- c:\documents and settings\daniel2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-07 21:02 . 2010-08-07 21:02 -------- d-----w- c:\program files\Combined Community Codec Pack

2010-08-07 21:01 . 2010-08-07 21:01 -------- d-----w- c:\program files\Xvid

2010-08-07 21:01 . 2010-08-07 21:01 -------- d-----w- c:\program files\AC3Filter

2010-08-01 12:40 . 2008-12-14 08:20 -------- d-----w- c:\program files\Yahoo!

2010-07-31 06:51 . 2009-09-01 05:46 215104 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-07-07 13:44 . 2009-10-28 08:13 -------- d-----w- c:\program files\Common Files\Macromedia

2010-07-07 13:43 . 2008-12-14 08:27 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-07 13:36 . 2009-06-06 10:27 -------- d-----w- c:\program files\QuickTime

2010-07-07 13:34 . 2009-12-28 08:12 -------- d-----w- c:\program files\Text2PDF v1.5

2010-07-03 06:52 . 2010-07-03 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3

2010-07-02 19:35 . 2009-09-04 07:08 -------- d-----w- c:\program files\iTunes

2010-07-02 19:29 . 2009-03-13 01:51 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-06-23 10:02 . 2010-06-23 10:03 720896 ----a-w- c:\windows\iun6002.exe

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-02-02 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-09 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-08-09 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASDF099.pif]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASDF099.pif

backup=c:\windows\pss\ASDF099.pifCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel.ASDF099^Start Menu^Programs^Startup^ASDF099.pif]

path=c:\documents and settings\Daniel.ASDF099\Start Menu\Programs\Startup\ASDF099.pif

backup=c:\windows\pss\ASDF099.pifStartup

[HKLM\~\startupfolder\C:^Documents and Settings^daniel^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]

path=c:\documents and settings\daniel\Start Menu\Programs\Startup\Stardock ObjectDock.lnk

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

C:\WINDOWS [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-12-14 08:44 342848 -c--a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

2009-02-02 05:00 2610608 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-07-25 05:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-07-25 05:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 09:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-07-07 07:34 167936 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-05-18 06:27 16207872 -c----r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]

2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-05-20 06:24 98304 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

2006-05-24 18:31 1372160 -c--a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-01-09 00:54 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"\\\\JIMMY-PC\\PUBLIC\\Ubisoft\\SCDA\\SCDA-Offline\\system\\SplinterCell4.exe"=

"\\\\JIMMY-PC\\PUBLIC\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Zone.com Deluxe Games\\Hexic Deluxe\\HexicDeluxe.exe"=

"\\\\JIMMY-PC\\PUBLIC\\Grid\\GRID.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"\\\\JIMMY-PC\\Public\\PES 2009\\pes2009.exe"=

"\\\\BONG\\SHAREDDOCS\\PES 2009\\pes2009.exe"=

"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=

"\\\\BONG\\SHAREDDOCS\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"\\\\BONG\\SHAREDDOCS\\PC Games\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=

"\\\\JIMMY-PC\\PUBLIC\\PC Games\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"\\\\JIMMY-PC\\PUBLIC\\PC Games\\TimeShift\\bin\\TimeShift.exe"=

"\\\\JIMMY-PC\\PUBLIC\\PC Games\\Crysis\\Bin32\\Crysis.exe"=

"\\\\JIMMY-PC\\PUBLIC\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iPhoneBrowser\\iPhoneBrowser.exe"=

"\\\\JIMMY-PC\\USERS\\Public\\wormsarm\\WA.exe"=

"\\\\JIMMY-PC\\PUBLIC\\PC Games\\Grid\\GRID.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"\\\\JIMMY-PC\\PUBLIC\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"\\\\JIMMY-PC\\PUBLIC\\Mass Effect 2\\Binaries\\MassEffect2.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"\\\\JIMMY-PC\\PUBLIC\\PC Games\\PES 2009\\pes2009.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/9/2010 11:29 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/9/2010 11:29 PM 243024]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [8/10/2010 6:34 AM 18816]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8/9/2010 11:25 PM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/9/2010 11:25 PM 308136]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [11/10/2006 11:08 PM 24064]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [6/3/2009 2:27 PM 28672]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1A1.tmp --> c:\windows\system32\1A1.tmp [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/15/2008 11:34 AM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-01-05 11:18]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

LSP: c:\windows\system32\idmmbc.dll

FF - ProfilePath - c:\documents and settings\daniel2\Application Data\Mozilla\Firefox\Profiles\6ig2b3ov.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL -

FF - component: c:\documents and settings\daniel2\Application Data\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\1A1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):ac,7c,e7,f1,64,5f,36,59,8a,c1,9a,7e,bd,b3,f6,3f,5a,fa,98,74,55,

79,17,12,42,8c,8f,55,96,0f,0a,78,76,bc,11,73,19,60,8b,97,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):ce,bd,d5,4e,1b,79,59,3c,cc,8c,fb,2e,89,bd,2d,28,85,06,e7,6e,dd,

39,08,87,96,b4,93,4f,7b,52,46,38,90,7b,fa,a7,25,a9,a4,ba,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ade8dbd1-43d3-40e5-89df-521bd91a18ac}]

@Denied: (Full) (Everyone)

"Model"=dword:0000003c

"Therad"=dword:00000014

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f1c684b9-ed8f-4394-8fbc-2dce71c8588b}]

@Denied: (Full) (Everyone)

"Model"=dword:0000000e

"Therad"=dword:00000021

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\


Let's do some more checking here.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


Here it is. :)

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000d

Kernel Drivers (total 140):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 isapnp.sys

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA0B8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA5AC000 dmload.sys

0xB9F23000 dmio.sys

0xBA330000 PartMgr.sys

0xBA0C8000 VolSnap.sys

0xB9F0B000 atapi.sys

0xBA0D8000 disk.sys

0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9EEC000 fltMgr.sys

0xB9EDA000 sr.sys

0xB9EC3000 KSecDD.sys

0xB9E36000 Ntfs.sys

0xB9E09000 NDIS.sys

0xBA0F8000 Combo-Fix.sys

0xB9DEE000 Mup.sys

0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB8840000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xB882C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB87F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB87E2000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys

0xBA410000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB87BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xBA428000 \SystemRoot\system32\DRIVERS\fdc.sys

0xBA198000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA57C000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB87AB000 \SystemRoot\system32\DRIVERS\parport.sys

0xBA1A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xBA438000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB8788000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA498000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xBA79B000 \SystemRoot\system32\DRIVERS\audstub.sys

0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB81B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA308000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA318000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA370000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB81A7000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA2C8000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB7A7A000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xBA128000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA480000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA600000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB7A46000 \SystemRoot\system32\DRIVERS\update.sys

0xB9DB6000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB8767000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xAB658000 \SystemRoot\system32\drivers\AtiHdmi.sys

0xAB636000 \SystemRoot\system32\drivers\portcls.sys

0xB86E7000 \SystemRoot\system32\drivers\drmk.sys

0xAB1FB000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA624000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA3B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xBA468000 \??\C:\WINDOWS\system32\SAVRKBootTasks.sys

0xBA626000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA6D5000 \SystemRoot\System32\Drivers\Null.SYS

0xBA628000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA478000 \SystemRoot\System32\drivers\vga.sys

0xBA62A000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA62C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA3C0000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA3C8000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA5A4000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAB1C8000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAB16F000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xAB14E000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xAB114000 \SystemRoot\System32\Drivers\avgtdix.sys

0xBA2D8000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xAB0EC000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB7906000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xAB0CA000 \SystemRoot\System32\drivers\afd.sys

0xBA2E8000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB7902000 \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe

0xBA1F8000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0xAB076000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAB006000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xBA278000 \SystemRoot\System32\Drivers\Fips.SYS

0xBA490000 \SystemRoot\System32\Drivers\avgmfx86.sys

0xAAFD2000 \SystemRoot\System32\Drivers\avgldx86.sys

0xAB67F000 \SystemRoot\system32\DRIVERS\lvuvcflt.sys

0xBA440000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xAAD28000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys

0xBA238000 \SystemRoot\system32\drivers\LVUSBSta.sys

0xAA9BA000 \SystemRoot\system32\DRIVERS\lvuvc.sys

0xAA7E6000 \SystemRoot\system32\DRIVERS\lvpopflt.sys

0xBA148000 \SystemRoot\system32\drivers\usbaudio.sys

0xAB67B000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xAAFC2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xBA3E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xAB677000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xAA7AD000 \SystemRoot\System32\Drivers\Udfs.SYS

0xAA795000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xBA648000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB8C7E000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA430000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA74C000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF068000 \SystemRoot\System32\ati2cqag.dll

0xBF107000 \SystemRoot\System32\atikvmag.dll

0xBF18C000 \SystemRoot\System32\atiok3x2.dll

0xBF1EC000 \SystemRoot\System32\ati3duag.dll

0xBF4C6000 \SystemRoot\System32\ativvaxx.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xA6D12000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA6991000 \SystemRoot\system32\drivers\wdmaud.sys

0xBA158000 \SystemRoot\system32\drivers\sysaudio.sys

0xA6877000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA66A000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xA671A000 \SystemRoot\system32\DRIVERS\atksgt.sys

0xAA001000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0xA628B000 \SystemRoot\system32\DRIVERS\srv.sys

0xA60B0000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xBA340000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys

0xBA460000 \??\C:\DOCUME~1\daniel2\LOCALS~1\Temp\mbr.sys

0xA5A33000 \SystemRoot\System32\Drivers\HTTP.sys

0xA5EEC000 \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys

0xBA4B0000 \??\C:\ComboF31\catchme.sys

0xBA61A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xBA3D8000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

0xA4783000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):

0 System Idle Process

4 System

644 C:\WINDOWS\system32\smss.exe

692 csrss.exe

724 C:\WINDOWS\system32\winlogon.exe

768 C:\WINDOWS\system32\services.exe

780 C:\WINDOWS\system32\lsass.exe

952 C:\WINDOWS\system32\ati2evxx.exe

972 C:\WINDOWS\system32\svchost.exe

1040 svchost.exe

1156 C:\WINDOWS\system32\svchost.exe

1180 C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

1240 svchost.exe

1416 C:\WINDOWS\system32\ati2evxx.exe

1424 C:\Program Files\AVG\AVG9\avgchsvx.exe

1432 C:\Program Files\AVG\AVG9\avgrsx.exe

1572 C:\Program Files\AVG\AVG9\avgcsrvx.exe

1580 svchost.exe

1892 C:\WINDOWS\system32\spoolsv.exe

1924 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

320 svchost.exe

500 C:\Program Files\AVG\AVG9\avgwdsvc.exe

532 C:\Program Files\Bonjour\mDNSResponder.exe

1108 C:\Program Files\Java\jre6\bin\jqs.exe

1456 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

904 C:\WINDOWS\system32\PnkBstrA.exe

1960 C:\WINDOWS\system32\PnkBstrB.exe

448 C:\WINDOWS\system32\svchost.exe

484 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

1872 C:\Program Files\AVG\AVG9\avgemc.exe

1552 C:\Program Files\AVG\AVG9\avgnsx.exe

2592 C:\Program Files\AVG\AVG9\avgcsrvx.exe

3128 C:\WINDOWS\system32\wbem\wmiapsrv.exe

3136 C:\WINDOWS\system32\wscntfy.exe

3176 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

3216 alg.exe

556 C:\PROGRA~1\AVG\AVG9\avgtray.exe

1772 C:\Program Files\Internet Download Manager\IDMan.exe

252 C:\WINDOWS\system32\osk.exe

3016 C:\WINDOWS\system32\msswchx.exe

1024 C:\Program Files\Internet Download Manager\IEMonitor.exe

6748 C:\WINDOWS\explorer.exe

6572 C:\WINDOWS\system32\notepad.exe

7712 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

9680 C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

5476 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

9644 C:\Program Files\Mozilla Firefox\firefox.exe

1088 C:\WINDOWS\system32\notepad.exe

4612 C:\Documents and Settings\daniel2\Desktop\MBRCheck.exe

\\.\C: --> error 1

PhysicalDrive0 Model Number: ST320014A, Rev: 3.07

Size Device Name MBR Status

--------------------------------------------

18 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

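For readers who want to see what the MBRCheck step above is actually measuring, here is an added illustration of the same idea in Python. It is not MBRCheck's code and not anything posted in this thread: it parses a 512-byte MBR sector, checks the 0x55AA boot signature, reads the partition table, and takes the SHA1 of the boot-code area (the first 440 bytes) so it can be compared against a baseline of known-good hashes, which is how a modified MBR shows up as "unknown" instead of "Windows XP MBR code detected". The function names (inspect_mbr, classify_mbr, build_sample_mbr), the "clean" and "tampered" sectors, the partition layout and the KNOWN_GOOD baseline are all constructed for the example; no real disk is read.

```python
"""Parse a 512-byte MBR sector and report what an MBRCheck-style tool reports:
boot-signature validity, the SHA1 of the boot-code area, and the partition table.
Hypothetical helper code, not MBRCheck itself; sample sectors are constructed inline."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # boot code occupies bytes 0..439
DISK_SIG_OFF = 440             # 4-byte Windows disk signature at 440..443
PARTITION_TABLE_OFF = 446      # four 16-byte entries at 446..509
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian layout)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def inspect_mbr(sector: bytes) -> dict:
    """Return signature validity, disk signature, boot-code SHA1 and used partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    table = sector[PARTITION_TABLE_OFF:PARTITION_TABLE_OFF + 4 * PARTITION_ENTRY_LEN]
    entries = [parse_partition_entry(table[i:i + PARTITION_ENTRY_LEN])
               for i in range(0, 4 * PARTITION_ENTRY_LEN, PARTITION_ENTRY_LEN)]
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": [e for e in entries if e["type"] != 0],
    }


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """'invalid' if the boot signature is wrong, the baseline label if the
    boot-code hash is known, otherwise 'unknown' (the case worth investigating)."""
    info = inspect_mbr(sector)
    if not info["signature_ok"]:
        return "invalid"
    return known_good.get(info["code_sha1"], "unknown")


def build_sample_mbr(boot_code: bytes, partitions, disk_signature=0x1234ABCD) -> bytes:
    """Construct a synthetic MBR sector for testing (not a real disk image).
    partitions: list of (bootable, type_byte, lba_start, sector_count)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PARTITION_TABLE_OFF + i * PARTITION_ENTRY_LEN
        struct.pack_into("<B3sB3sII", sector, off,
                         0x80 if bootable else 0x00, b"\x00" * 3,
                         ptype, b"\x00" * 3, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "clean" boot code: a stub that just halts (jmp $), not real Windows MBR code.
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x00" * 438
# Constructed "tampered" variant: the first 16 bytes of the boot code were overwritten.
TAMPERED_BOOT_CODE = b"\x90" * 16 + CLEAN_BOOT_CODE[16:]

# One bootable NTFS (0x07) partition starting at LBA 63 (constructed layout).
PARTITIONS = [(True, 0x07, 63, 37_000_000)]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE, PARTITIONS)

# Baseline of boot-code hashes this host is expected to carry. In practice it is
# recorded from a known-clean install; here it is seeded from the constructed sector.
KNOWN_GOOD = {inspect_mbr(CLEAN_MBR)["code_sha1"]: "known"}

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = inspect_mbr(mbr)
        print(name, classify_mbr(mbr, KNOWN_GOOD), info["code_sha1"], info["partitions"])
```

The point of hashing only the first 440 bytes is that the disk signature and partition table legitimately differ from machine to machine, while the boot code for a given Windows version does not; a hash that is absent from the baseline therefore means the boot code itself changed and the sector should be dumped and compared against a clean copy before anything is repaired.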

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
