
Redirect Virus and Can't run MBAM



Hi,

I recently obtained a virus that whenever I go to google and search for something it will redirect me to some fake site. I tried to see if I could run mbam to find or fix the problem but whenever I tried to run it, it would start then disappear. When I would try to run the program again it said that I don't have access to the program anymore. I looked on the forums and ran a few of the workarounds to get it running, but no luck. I have had a similar problem before and I had used combofix to fix the problem and it did. So I was wondering if this would be the same solution to fix this problem? Thanks for taking the time to read.

-Stipli


hi

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt

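The `/md5start ... /md5stop` block in the OTL script above hashes a handful of core Windows binaries so their MD5s can be compared against known-good values; ComboFix does a similar comparison when it restores a patched file from `system32\dllcache`, the copy Windows File Protection keeps. The script below is an added example (not part of this thread, OTL or ComboFix) of that check: it hashes the four binaries named in the OTL list and compares each with its dllcache copy. To run anywhere it rebuilds a fake `system32` tree in a temporary folder with one deliberately tampered file; on a real XP machine you would point `compare_with_cache` at `C:\WINDOWS\system32` instead.

```python
"""Compare live Windows system binaries with their dllcache copies by MD5.

Added example, not code from the forum thread, OTL or ComboFix. The file
names come from the OTL /md5start list; the directory layout is constructed
in a temp folder so the script runs offline.
"""
import hashlib
import os
import tempfile

WATCHED = ["explorer.exe", "winlogon.exe", "Userinit.exe", "svchost.exe"]


def md5_of(path):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_cache(system32, names=WATCHED):
    """Return {name: (live_md5, cache_md5, status)} for each watched binary.

    status is 'ok' when the live file matches its dllcache copy, 'MISMATCH'
    when the hashes differ (a replaced or patched file, as with wuauclt.exe
    in the ComboFix log), 'no cache copy' when WFP has nothing to compare
    against, and 'missing' when the live file itself is absent.
    """
    cache = os.path.join(system32, "dllcache")
    report = {}
    for name in names:
        live = os.path.join(system32, name)
        cached = os.path.join(cache, name)
        if not os.path.exists(live):
            report[name] = (None, None, "missing")
            continue
        live_md5 = md5_of(live)
        if not os.path.exists(cached):
            report[name] = (live_md5, None, "no cache copy")
            continue
        cache_md5 = md5_of(cached)
        status = "ok" if live_md5 == cache_md5 else "MISMATCH"
        report[name] = (live_md5, cache_md5, status)
    return report


def mismatches(report):
    """Sorted names whose live copy differs from the dllcache copy."""
    return sorted(n for n, (_, _, s) in report.items() if s == "MISMATCH")


def build_demo_tree():
    """Constructed sample: a fake system32 where winlogon.exe has been altered."""
    root = tempfile.mkdtemp(prefix="sys32demo_")
    cache = os.path.join(root, "dllcache")
    os.mkdir(cache)
    for name in WATCHED:
        clean = b"MZ clean build of " + name.encode()   # stand-in for a real PE
        with open(os.path.join(cache, name), "wb") as f:
            f.write(clean)
        # the live winlogon.exe gets an extra byte appended (constructed tampering)
        live = clean + b"\x90" if name == "winlogon.exe" else clean
        with open(os.path.join(root, name), "wb") as f:
            f.write(live)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for name, (live, cached, status) in compare_with_cache(root).items():
        print(f"{name:14} {status:14} live={live} cache={cached}")
```

A match only proves the two copies agree, not that either is clean: a rootkit that patches a driver can patch the cached copy too, which is why the helper's tools also compare against hashes of known-good files rather than trusting dllcache alone.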

Hi,

Thank you for your reply! I have run aswMBR successfully and the log will be posted below. I tried running OTL and it opens notepad and freezes; it seems that when it downloads, it apparently downloads as an AutoCAD LT script, which does not sound right. Is there any solution to it?

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-11 15:16:11

-----------------------------

15:16:11.609 OS Version: Windows 5.1.2600 Service Pack 3

15:16:11.609 Number of processors: 1 586 0x204

15:16:11.609 ComputerName: GATEWAY_SYSTEM UserName: Owner

15:16:13.421 Initialize success

15:16:34.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

15:16:34.796 Disk 0 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152627MB BusType: 3

15:16:34.796 Disk 0 MBR read error 0

15:16:34.796 Disk 0 MBR scan

15:16:34.796 Disk 0 unknown MBR code

15:16:34.796 MBR BIOS signature not found 0

15:16:34.796 Disk 0 scanning sectors +268430085

15:16:34.796 Disk 0 scanning C:\WINDOWS\system32\drivers

15:16:43.859 Service scanning

15:16:45.265 Disk 0 trace - called modules:

15:16:45.265 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf85ac890]<<

15:16:45.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f03ab8]

15:16:45.265 3 CLASSPNP.SYS[f8516fd7] -> nt!IofCallDriver -> [0x82b86030]

15:16:45.265 \Driver\Disk[0x82aa2928] -> IRP_MJ_CREATE -> 0xf85ac890

15:16:45.796 Scan finished successfully

15:17:16.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

15:17:16.187 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

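The aswMBR log above reports on the disk's MBR ("MBR scan", "unknown MBR code", "MBR BIOS signature not found") and saves a copy of the sector to MBR.dat on the desktop; the TDSSKiller log later in the thread prints an "MBR (0x1B8)" hash for each disk. The script below is an added example, not code from aswMBR, TDSSKiller or this thread: it parses a 512-byte MBR dump such as MBR.dat, checks the 0x55AA boot signature, hashes the boot code and decodes the partition table, and compares the boot code against a trusted baseline dump. It assumes that TDSSKiller's 0x1B8 is the number of bytes hashed (the boot code that precedes the disk signature at offset 0x1B8); the sample sector it parses is constructed, not a real disk's MBR.

```python
"""Parse a 512-byte MBR sector and compare its boot code with a baseline.

Added example; not aswMBR's or TDSSKiller's code. Assumption: TDSSKiller's
"MBR (0x1B8)" line is the MD5 of the first 0x1B8 bytes, i.e. the boot code.
"""
import hashlib
import struct

BOOTCODE_LEN = 0x1B8      # boot code occupies bytes 0x000..0x1B7
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
SECTOR_SIG_OFF = 0x1FE    # 0x55 0xAA boot signature


def load_sector(path):
    """Read the first 512 bytes of a dump such as aswMBR's MBR.dat."""
    with open(path, "rb") as f:
        return f.read(512)


def parse_mbr(sector):
    """Return signature validity, boot-code MD5, disk signature and partitions."""
    if len(sector) != 512:
        raise ValueError("MBR sector must be exactly 512 bytes")
    info = {
        "signature_ok": sector[SECTOR_SIG_OFF:] == b"\x55\xaa",
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": [],
    }
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status byte, 3 bytes CHS start (skipped), type, 3 bytes CHS end (skipped),
        # LBA of first sector, sector count
        boot, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        info["partitions"].append({
            "index": i,
            "active": boot == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return info


def bootcode_changed(baseline_sector, current_sector):
    """True when the boot code differs from a baseline dump taken on a known-clean system."""
    return (parse_mbr(baseline_sector)["bootcode_md5"]
            != parse_mbr(current_sector)["bootcode_md5"])


def build_sample_mbr(first_byte=0xEB):
    """Constructed sector: dummy boot code, one active NTFS partition, valid signature."""
    sector = bytearray(512)
    sector[0] = first_byte          # first opcode byte of the (fake) boot code
    sector[1:3] = b"\x3c\x90"
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)   # constructed disk signature
    # partition 0: bootable, type 0x07 (NTFS), starting at LBA 63 (constructed sizes)
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 63, 312576642)
    sector[SECTOR_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_mbr()
    for key, value in parse_mbr(sample).items():
        print(f"{key}: {value}")
    print("boot code changed:", bootcode_changed(sample, build_sample_mbr(0x90)))
```

A boot-code hash that differs from the baseline is the kind of change MBR rootkits introduce, but it also changes legitimately when the boot manager is reinstalled, so treat a mismatch as a prompt to look at the code, not as a verdict on its own.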

hi

Step 1

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:

  • TDSSKiller log
  • Combofix log


Hi,

I had a quick question because I was running combofix and it came across a rootkit called ZeroAccess and said this is a very troublesome rootkit. It also found another one (or it could be the same one) and wanted to reboot the computer. So, I was wondering how bad is this ZeroAccess rootkit? I had read another previous post where a guy had similar problems like me and the person helping him mentioned a backdoor virus. Is this possibly a similar virus? I will post the logs in my next reply, but I'm just starting to worry this is a very troublesome virus?


here are the logs:

TDSSKiller:

2011/07/12 10:21:02.0484 1832 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/12 10:21:02.0625 1832 ================================================================================

2011/07/12 10:21:02.0625 1832 SystemInfo:

2011/07/12 10:21:02.0625 1832

2011/07/12 10:21:02.0625 1832 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/12 10:21:02.0625 1832 Product type: Workstation

2011/07/12 10:21:02.0625 1832 ComputerName: GATEWAY_SYSTEM

2011/07/12 10:21:02.0625 1832 UserName: Owner

2011/07/12 10:21:02.0625 1832 Windows directory: C:\WINDOWS

2011/07/12 10:21:02.0640 1832 System windows directory: C:\WINDOWS

2011/07/12 10:21:02.0640 1832 Processor architecture: Intel x86

2011/07/12 10:21:02.0640 1832 Number of processors: 1

2011/07/12 10:21:02.0640 1832 Page size: 0x1000

2011/07/12 10:21:02.0640 1832 Boot type: Normal boot

2011/07/12 10:21:02.0640 1832 ================================================================================

2011/07/12 10:21:03.0890 1832 Initialize success

2011/07/12 10:21:05.0218 2196 ================================================================================

2011/07/12 10:21:05.0218 2196 Scan started

2011/07/12 10:21:05.0218 2196 Mode: Manual;

2011/07/12 10:21:05.0218 2196 ================================================================================

2011/07/12 10:21:06.0046 2196 Suspicious service (NoAccess): 1233872438

2011/07/12 10:21:06.0156 2196 1233872438 (6d69f8e6284502cd29f9e1694f3d8fad) C:\WINDOWS\system32\drivers\1233872438.sys

2011/07/12 10:21:06.0156 2196 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\1233872438.sys. md5: 6d69f8e6284502cd29f9e1694f3d8fad

2011/07/12 10:21:06.0171 2196 1233872438 - detected LockedService.Multi.Generic (1)

2011/07/12 10:21:06.0265 2196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/12 10:21:06.0328 2196 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/12 10:21:06.0421 2196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/12 10:21:06.0484 2196 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/12 10:21:06.0546 2196 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/12 10:21:06.0765 2196 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/12 10:21:06.0906 2196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/12 10:21:06.0953 2196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/12 10:21:07.0015 2196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/12 10:21:07.0078 2196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/12 10:21:07.0187 2196 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys

2011/07/12 10:21:07.0265 2196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/12 10:21:07.0328 2196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/12 10:21:07.0421 2196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/12 10:21:07.0453 2196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/12 10:21:07.0500 2196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/12 10:21:07.0750 2196 ctac32k (7c395aacd44725643225c0cb488f80ff) C:\WINDOWS\system32\drivers\ctac32k.sys

2011/07/12 10:21:07.0812 2196 ctaud2k (500447cf9b47daa4be833b3d21dd0d78) C:\WINDOWS\system32\drivers\ctaud2k.sys

2011/07/12 10:21:07.0906 2196 ctprxy2k (da5939a5e819deebf6fab1186a02d3f6) C:\WINDOWS\system32\drivers\ctprxy2k.sys

2011/07/12 10:21:07.0937 2196 ctsfm2k (570b31e1c50cfb9f451746fb83749918) C:\WINDOWS\system32\drivers\ctsfm2k.sys

2011/07/12 10:21:08.0015 2196 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

2011/07/12 10:21:08.0140 2196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/12 10:21:08.0218 2196 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/12 10:21:08.0312 2196 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/12 10:21:08.0359 2196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/12 10:21:08.0406 2196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/12 10:21:08.0468 2196 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2011/07/12 10:21:08.0546 2196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/12 10:21:08.0625 2196 E100B (fe9cb643a034285031502d3369e5a869) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/12 10:21:09.0078 2196 emupia (cd073735c44f931c2b8fea6bda121761) C:\WINDOWS\system32\drivers\emupia2k.sys

2011/07/12 10:21:09.0281 2196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/12 10:21:09.0343 2196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/12 10:21:09.0390 2196 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/12 10:21:09.0437 2196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/12 10:21:09.0500 2196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/12 10:21:09.0562 2196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/12 10:21:09.0593 2196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/12 10:21:09.0640 2196 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/12 10:21:09.0687 2196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/12 10:21:09.0796 2196 GTWModem (bf6e564f88ffc7809a9147e9381d4e50) C:\WINDOWS\system32\DRIVERS\GWMDM.sys

2011/07/12 10:21:09.0921 2196 ha10kx2k (4e296353ff2039d089d71c453459f7c0) C:\WINDOWS\system32\drivers\ha10kx2k.sys

2011/07/12 10:21:10.0015 2196 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/12 10:21:10.0156 2196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/12 10:21:10.0265 2196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/12 10:21:10.0312 2196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/12 10:21:10.0390 2196 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/12 10:21:10.0453 2196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/12 10:21:10.0500 2196 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/12 10:21:10.0546 2196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/12 10:21:10.0578 2196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/12 10:21:10.0625 2196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/12 10:21:10.0703 2196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/12 10:21:10.0750 2196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/12 10:21:10.0796 2196 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/12 10:21:10.0859 2196 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/12 10:21:10.0921 2196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/12 10:21:10.0968 2196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/12 10:21:11.0093 2196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/12 10:21:11.0140 2196 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/12 10:21:11.0187 2196 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/07/12 10:21:11.0250 2196 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys

2011/07/12 10:21:11.0281 2196 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

2011/07/12 10:21:11.0328 2196 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

2011/07/12 10:21:11.0359 2196 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys

2011/07/12 10:21:11.0406 2196 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/12 10:21:11.0453 2196 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/12 10:21:11.0484 2196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/12 10:21:11.0546 2196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/12 10:21:11.0671 2196 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/12 10:21:11.0781 2196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/12 10:21:11.0828 2196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/12 10:21:11.0859 2196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/12 10:21:11.0890 2196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/12 10:21:11.0953 2196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/12 10:21:12.0000 2196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/12 10:21:12.0156 2196 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100203.004\NAVENG.Sys

2011/07/12 10:21:12.0234 2196 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100203.004\NavEx15.Sys

2011/07/12 10:21:12.0312 2196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/12 10:21:12.0359 2196 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/12 10:21:12.0390 2196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/12 10:21:12.0437 2196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/12 10:21:12.0515 2196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/12 10:21:12.0562 2196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/12 10:21:12.0593 2196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/12 10:21:12.0687 2196 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/12 10:21:12.0750 2196 NMSCFG (419f4d80fe7e34e2626c84b3c6035955) C:\WINDOWS\system32\drivers\NMSCFG.SYS

2011/07/12 10:21:12.0828 2196 NPDriver (0aff8ad6bee50ff4505599aff92c8ad7) C:\WINDOWS\System32\Drivers\NPDRIVER.SYS

2011/07/12 10:21:12.0875 2196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/12 10:21:12.0937 2196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/12 10:21:13.0000 2196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/12 10:21:13.0468 2196 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/12 10:21:13.0875 2196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/12 10:21:13.0906 2196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/12 10:21:13.0953 2196 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/12 10:21:14.0015 2196 ossrv (0ee11c769501701e3f108e47b2831268) C:\WINDOWS\system32\drivers\ctoss2k.sys

2011/07/12 10:21:14.0093 2196 Parport (c76bf99b594cb723d7ce0014486f05ee) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/12 10:21:14.0109 2196 Parport - detected Rootkit.Win32.ZAccess.c (0)

2011/07/12 10:21:14.0125 2196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/12 10:21:14.0171 2196 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/12 10:21:14.0203 2196 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/12 10:21:14.0312 2196 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/12 10:21:14.0546 2196 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys

2011/07/12 10:21:14.0734 2196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/12 10:21:14.0765 2196 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/07/12 10:21:14.0812 2196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/12 10:21:14.0890 2196 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\WINDOWS\system32\Drivers\pssdk41.sys

2011/07/12 10:21:14.0953 2196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/12 10:21:15.0015 2196 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/12 10:21:15.0187 2196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/12 10:21:15.0234 2196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/12 10:21:15.0265 2196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/12 10:21:15.0312 2196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/12 10:21:15.0343 2196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/12 10:21:15.0390 2196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/12 10:21:15.0453 2196 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/12 10:21:15.0515 2196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/12 10:21:15.0734 2196 SAVRT (3d2eb85b0a130cba0cd08bcdd2b2e485) C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS

2011/07/12 10:21:15.0765 2196 SAVRTPEL (a5d09f85b8717bbf67520b1cc71d641f) C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS

2011/07/12 10:21:15.0859 2196 SDdriver (074da08e844ded21731c38e8395ebd3b) C:\WINDOWS\System32\Drivers\sddriver.sys

2011/07/12 10:21:15.0906 2196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/12 10:21:15.0968 2196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/12 10:21:16.0015 2196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/12 10:21:16.0093 2196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/12 10:21:16.0296 2196 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2011/07/12 10:21:16.0359 2196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/12 10:21:16.0453 2196 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2011/07/12 10:21:16.0453 2196 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/07/12 10:21:16.0468 2196 sptd - detected LockedFile.Multi.Generic (1)

2011/07/12 10:21:16.0515 2196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/12 10:21:16.0609 2196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/12 10:21:16.0687 2196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/12 10:21:16.0734 2196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/12 10:21:16.0875 2196 SYMDNS (ee912e097aeece377574a6237aee8bf0) C:\WINDOWS\System32\Drivers\SYMDNS.SYS

2011/07/12 10:21:16.0984 2196 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS

2011/07/12 10:21:17.0031 2196 SYMFW (c8054d5c05251b0878817e72e0a410f9) C:\WINDOWS\System32\Drivers\SYMFW.SYS

2011/07/12 10:21:17.0078 2196 SYMIDS (e6104e41ea83bae13f305441b171162d) C:\WINDOWS\System32\Drivers\SYMIDS.SYS

2011/07/12 10:21:17.0234 2196 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20110629.001\symidsco.sys

2011/07/12 10:21:17.0296 2196 symlcbrd (6596892dd5abbe48f5876a551867a166) C:\WINDOWS\System32\drivers\symlcbrd.sys

2011/07/12 10:21:17.0343 2196 SYMNDIS (9e46285fdfa4cf9c2db45da570796b55) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS

2011/07/12 10:21:17.0390 2196 SYMREDRV (ed5f0c723c496d7fe3a5008377be41a9) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2011/07/12 10:21:17.0437 2196 SYMTDI (6557f9879548f1d7a9a059e037820408) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2011/07/12 10:21:17.0562 2196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/12 10:21:17.0609 2196 tap0901 (5c7c939bbd03784fe58c80578d065cc9) C:\WINDOWS\system32\DRIVERS\tap0901.sys

2011/07/12 10:21:17.0703 2196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/12 10:21:17.0796 2196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/12 10:21:17.0828 2196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/12 10:21:17.0859 2196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/12 10:21:17.0968 2196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/12 10:21:18.0093 2196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/12 10:21:18.0187 2196 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/12 10:21:18.0234 2196 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/07/12 10:21:18.0281 2196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/12 10:21:18.0328 2196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/12 10:21:18.0375 2196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/12 10:21:18.0406 2196 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/07/12 10:21:18.0453 2196 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/12 10:21:18.0484 2196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/12 10:21:18.0531 2196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/12 10:21:18.0562 2196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/12 10:21:18.0625 2196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/12 10:21:18.0703 2196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/12 10:21:18.0796 2196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/12 10:21:18.0859 2196 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/07/12 10:21:18.0953 2196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/12 10:21:19.0140 2196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/12 10:21:19.0203 2196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/12 10:21:19.0265 2196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/12 10:21:19.0453 2196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2

2011/07/12 10:21:19.0578 2196 Boot (0x1200) (61f8db737f3c13d836daa52569da503b) \Device\Harddisk0\DR0\Partition0

2011/07/12 10:21:19.0593 2196 Boot (0x1200) (151b7342138fb49cc332ca74918ab6f9) \Device\Harddisk1\DR2\Partition0

2011/07/12 10:21:19.0609 2196 ================================================================================

2011/07/12 10:21:19.0609 2196 Scan finished

2011/07/12 10:21:19.0609 2196 ================================================================================

2011/07/12 10:21:19.0640 1040 Detected object count: 3

2011/07/12 10:21:19.0640 1040 Actual detected object count: 3

2011/07/12 10:21:40.0468 1040 LockedService.Multi.Generic(1233872438) - User select action: Skip

2011/07/12 10:21:40.0593 1040 Parport (c76bf99b594cb723d7ce0014486f05ee) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/12 10:21:43.0109 1040 Backup copy found, using it..

2011/07/12 10:21:43.0140 1040 C:\WINDOWS\system32\DRIVERS\parport.sys - will be cured after reboot

2011/07/12 10:21:43.0140 1040 Rootkit.Win32.ZAccess.c(Parport) - User select action: Cure

2011/07/12 10:21:43.0140 1040 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/07/12 10:21:49.0125 3768 Deinitialize success

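Three kinds of line in the TDSSKiller log above carry the verdicts: the per-driver `name (md5) path` entries, the `name - detected Verdict (level)` lines, and the `Verdict(name) - User select action: ...` lines at the end, with a `Detected object count` to reconcile against. The script below is an added example (not TDSSKiller's code and not part of the thread) that parses those formats, joins each detection to the hash and path of the driver it names, and lists the locked objects that were skipped. `LOG_EXCERPT` is a constructed subset of the log posted above, with the names, hashes and paths as they appear there.

```python
"""Extract detections from a TDSSKiller log and reconcile them with the summary.

Added example; not TDSSKiller's code. Line formats follow the log posted in
this thread; LOG_EXCERPT is a constructed subset of that log.
"""
import re

LOG_EXCERPT = r"""
2011/07/12 10:21:06.0046 2196 Suspicious service (NoAccess): 1233872438
2011/07/12 10:21:06.0156 2196 1233872438 (6d69f8e6284502cd29f9e1694f3d8fad) C:\WINDOWS\system32\drivers\1233872438.sys
2011/07/12 10:21:06.0156 2196 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\1233872438.sys. md5: 6d69f8e6284502cd29f9e1694f3d8fad
2011/07/12 10:21:06.0171 2196 1233872438 - detected LockedService.Multi.Generic (1)
2011/07/12 10:21:06.0265 2196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/12 10:21:14.0093 2196 Parport (c76bf99b594cb723d7ce0014486f05ee) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/12 10:21:14.0109 2196 Parport - detected Rootkit.Win32.ZAccess.c (0)
2011/07/12 10:21:16.0453 2196 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/12 10:21:16.0468 2196 sptd - detected LockedFile.Multi.Generic (1)
2011/07/12 10:21:19.0640 1040 Detected object count: 3
2011/07/12 10:21:40.0468 1040 LockedService.Multi.Generic(1233872438) - User select action: Skip
2011/07/12 10:21:43.0140 1040 Rootkit.Win32.ZAccess.c(Parport) - User select action: Cure
2011/07/12 10:21:43.0140 1040 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# every line starts with "YYYY/MM/DD HH:MM:SS.ffff <thread id>"
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
RE_ENTRY = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_DETECT = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<level>\d+)\)$")
RE_ACTION = re.compile(PREFIX + r"(?P<verdict>\S+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
RE_COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(lines):
    """Return drivers, detections (joined with md5/path/action) and the declared count."""
    drivers, detections, actions, declared = {}, [], {}, None
    for line in lines:
        line = line.rstrip()
        m = RE_ENTRY.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])
            continue
        m = RE_DETECT.match(line)
        if m:
            md5, path = drivers.get(m["name"], (None, None))
            detections.append({"name": m["name"], "verdict": m["verdict"],
                               "level": int(m["level"]), "md5": md5,
                               "path": path, "action": None})
            continue
        m = RE_ACTION.match(line)
        if m:
            actions[m["name"]] = m["action"]
            continue
        m = RE_COUNT.match(line)
        if m:
            declared = int(m["n"])
    for d in detections:
        d["action"] = actions.get(d["name"])
    return {
        "drivers": drivers,
        "detections": detections,
        "declared_count": declared,
        # None when the log has no summary line (e.g. it was cut off)
        "count_matches": None if declared is None else declared == len(detections),
    }


def skipped_locked(result):
    """Names of Locked* objects the user skipped: files the tool could not open,
    so they are still unexamined after the run."""
    return sorted(d["name"] for d in result["detections"]
                  if d["verdict"].startswith("Locked") and d["action"] == "Skip")


if __name__ == "__main__":
    result = parse_tdsskiller(LOG_EXCERPT.strip().splitlines())
    for d in result["detections"]:
        print(f'{d["name"]:12} {d["verdict"]:30} {d["action"]:5} {d["path"]}')
    print("declared count matches:", result["count_matches"])
    print("skipped locked objects:", skipped_locked(result))
```

The `LockedService`/`LockedFile ... Generic` verdicts mean TDSSKiller could not read the object (the "NoAccess" lines), not that it identified malware, which is why a skipped locked object needs a second look rather than being treated as cleared: here the numeric-named service `1233872438` that was skipped is the same driver and service ComboFix removes in the next log.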

Combofix:

ComboFix 11-07-12.05 - Owner 07/12/2011 11:24:34.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.255 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\System

c:\documents and settings\Owner\System\win_qs8.jqx

c:\documents and settings\Owner\WINDOWS

c:\windows\jestertb.dll

c:\windows\system32\c_62121.nls

c:\windows\system32\config\akygdmgo

c:\windows\system32\drivers\1233872438.sys

c:\windows\system32\zlibwapi.dll

.

Infected copy of c:\windows\system32\DRIVERS\parport.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_1233872438

.

.

((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))

.

.

2011-07-11 01:42 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-11 01:42 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-10 04:52 . 2011-07-10 04:53 -------- d-----w- c:\windows\system32\NtmsData

2011-07-10 04:14 . 2011-07-11 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-09 15:56 . 2011-07-09 15:56 -------- d-----w- c:\documents and settings\Administrator

2011-07-08 23:43 . 2011-07-11 17:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp

2011-07-08 23:43 . 2011-07-08 23:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Facebook

2011-07-08 12:37 . 2011-07-08 12:37 -------- d-----w- c:\program files\Apple Software Update

2011-07-08 12:32 . 2011-07-08 12:32 -------- d-----w- c:\program files\iPod

2011-06-28 02:18 . 2011-06-28 02:18 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-28 02:18 . 2011-06-28 02:18 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-16 15:02 . 2011-06-17 01:57 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-15 22:00 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-15 22:00 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-10 03:52 . 1980-01-01 00:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-06-15 17:27 . 2011-05-18 14:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-25 06:09 . 2011-04-08 03:15 54272 ----a-w- c:\windows\system32\nvwddi.dll

2011-05-25 06:09 . 2011-04-08 03:15 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-05-25 06:09 . 2011-04-08 03:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe

2011-05-25 06:09 . 2011-04-08 03:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll

2011-05-25 06:09 . 2011-06-01 20:04 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll

2011-05-25 06:09 . 2011-06-01 20:04 865896 ----a-w- c:\windows\system32\nvgenco322090.dll

2011-05-25 06:09 . 2011-04-08 03:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-05-25 06:09 . 2011-04-08 03:15 145000 ----a-w- c:\windows\system32\nvcolor.exe

2011-05-25 06:09 . 2010-11-22 00:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-05-25 06:09 . 2010-11-21 23:59 2808936 ----a-w- c:\windows\system32\nvcuvid.dll

2011-05-25 06:09 . 2010-11-21 23:59 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-05-25 06:09 . 2006-10-22 18:22 16068608 ----a-w- c:\windows\system32\nvoglnt.dll

2011-05-25 06:09 . 2010-11-21 23:59 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2011-05-25 06:09 . 2008-10-07 05:33 5332992 ----a-w- c:\windows\system32\nvcuda.dll

2011-05-25 06:09 . 2006-10-22 18:22 4198272 ----a-w- c:\windows\system32\nv4_disp.dll

2011-05-25 06:09 . 2006-10-22 18:22 2328576 ----a-w- c:\windows\system32\nvapi.dll

2011-05-25 06:09 . 2006-10-22 18:22 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-05-04 20:59 . 2011-04-21 20:20 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-05-04 20:58 . 2011-04-21 21:03 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-05-04 20:58 . 2011-04-21 20:20 234768 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-05-02 15:31 . 2009-02-06 04:25 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 1980-01-01 00:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 1980-01-01 00:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll

2011-04-25 14:47 . 1980-01-01 00:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 1980-01-01 00:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56 . 2004-08-04 05:59 369664 ------w- c:\windows\system32\html.iec

2011-04-21 20:20 . 2009-11-01 17:52 138056 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys

2011-04-21 13:37 . 1980-01-01 00:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-28 02:18 . 2011-05-21 14:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]

"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]

"Facebook Update"="c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-08 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WINDVDPatch"="CTHELPER.EXE" [2002-02-08 40960]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]

"GWMDMMSG"="GWMDMMSG.exe" [2002-05-07 65536]

"PROMon.exe"="PROMon.exe" [2002-04-19 73728]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-02-06 100056]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]

"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2009-2-5 569344]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53128416.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76518095.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\steamapps\\stipli33\\source sdk base\\hl2.exe"=

"c:\\Program Files\\Steam\\steamapps\\stipli33\\source sdk base 2007\\hl2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\steamapps\\stipli33\\insurgency\\hl2.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Diablo\\diablo.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\vlada822002@yahoo.com\\team fortress classic\\hl.exe"=

"c:\\Program Files\\Steam\\steamapps\\vlada822002@yahoo.com\\half-life\\hl.exe"=

"c:\\UDK\\UDK-2009-12\\Binaries\\Win32\\UDK.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\steamapps\\vlada822002@yahoo.com\\counter-strike\\hl.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\bin\\SDKLauncher.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\HPZinw12.exe"=

"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Norton SystemWorks\\CfgWiz.exe"=

"c:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"=

"c:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Product Assistant\\bin\\hprbUpdate.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\jonfo.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\johnfoo.exe"=

"c:\\Program Files\\DAEMON Tools Pro\\DTProShellHlp.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\johndoe.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\magnum.com.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=

.

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]

R3 iscFlash;iscFlash;c:\windows\SYSTEM32\DRIVERS\iscflash.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]

R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]

R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2010-11-28 36928]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-14 691696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-08-31 95328]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-GATEWAY_SYSTEM-Owner.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-09 09:44]

.

2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2011-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 23:43]

.

2011-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 23:43]

.

2011-07-09 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Owner.job

- c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2009-02-06 18:54]

.

2011-07-11 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 05:19]

.

2011-07-12 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-04-29 17:29]

.

2011-07-11 c:\windows\Tasks\Symantec Drmc.job

- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 18:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gateway.net/

mStart Page = hxxp://www.gateway.net

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:5555

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\

.

.

------- File Associations -------

.

.scr=AutoCADLTScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-12 11:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB63049$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3708)

c:\windows\system32\AcSignIcon.dll

c:\program files\Autodesk\Inventor Fusion 2012\AcSignCore16.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\CTHELPER.EXE

c:\windows\GWMDMMSG.exe

c:\windows\system32\PROMon.exe

c:\windows\system32\RunDLL32.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\NMSSvc.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

c:\windows\system32\nvsvc32.exe

c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe

c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\dumprep.exe

c:\windows\system32\dwwin.exe

c:\program files\Messenger\msmsgs.exe

.

**************************************************************************

.

Completion time: 2011-07-12 11:58:16 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-12 16:57

.

Pre-Run: 12,253,892,608 bytes free

Post-Run: 13,321,265,152 bytes free

.

- - End Of File - - 084952456A98320EF1504F57E263FACB


hi

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt


Hi,

aswMBR:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-12 17:20:09

-----------------------------

17:20:09.468 OS Version: Windows 5.1.2600 Service Pack 3

17:20:09.468 Number of processors: 1 586 0x204

17:20:09.468 ComputerName: GATEWAY_SYSTEM UserName: Owner

17:20:10.156 Initialize success

17:20:19.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

17:20:19.796 Disk 0 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152627MB BusType: 3

17:20:19.796 Disk 0 MBR read error 0

17:20:19.796 Disk 0 MBR scan

17:20:19.796 Disk 0 unknown MBR code

17:20:19.796 MBR BIOS signature not found 0

17:20:19.796 Disk 0 scanning sectors +268430085

17:20:19.796 Disk 0 scanning C:\WINDOWS\system32\drivers

17:20:28.765 Service scanning

17:20:29.750 Disk 0 trace - called modules:

17:20:29.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppa.sys >>UNKNOWN [0x82f8f938]<<

17:20:29.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ec5ab8]

17:20:29.750 3 CLASSPNP.SYS[f8547fd7] -> nt!IofCallDriver -> \Device\00000070[0x82fd41b0]

17:20:29.750 5 ACPI.sys[f8393620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fd3940]

17:20:30.281 Scan finished successfully

17:20:50.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

17:20:50.328 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

OTL.txt:

OTL logfile created on: 7/12/2011 5:36:17 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 223.29 Mb Available Physical Memory | 43.67% Memory free

1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.51% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 128.00 Gb Total Space | 12.40 Gb Free Space | 9.68% Space Free | Partition Type: NTFS

Drive D: | 325.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY_SYSTEM | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2011/05/25 01:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2009/12/18 05:24:34 | 000,107,840 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

PRC - [2009/02/06 00:29:54 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

PRC - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

PRC - [2008/01/17 12:42:02 | 000,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

PRC - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE

PRC - [2005/03/14 14:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe

PRC - [2004/08/31 00:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

PRC - [2004/08/31 00:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe

PRC - [2002/05/06 19:12:00 | 000,065,536 | ---- | M] (GTW) -- C:\WINDOWS\GWMDMMSG.exe

PRC - [2002/05/03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe

PRC - [2002/04/18 19:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PROMon.exe

PRC - [2002/02/07 19:01:24 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/25 01:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/12 15:09:31 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2011/04/28 21:59:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/02/06 00:29:54 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2009/02/05 23:34:03 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)

SRV - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2008/01/17 12:42:04 | 000,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2007/03/28 19:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/10/19 13:55:00 | 000,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)

SRV - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE -- (NPFMntor)

SRV - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)

SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/03/07 15:59:36 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)

SRV - [2004/08/31 00:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2004/08/31 00:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)

SRV - [2004/07/21 11:24:03 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2002/05/03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)

DRV - [2010/11/28 11:24:03 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)

DRV - [2010/09/15 13:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20110709.001\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2010/02/14 01:25:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/12/14 10:16:26 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100203.004\NAVEX15.SYS -- (NAVEX15)

DRV - [2009/12/14 10:16:26 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100203.004\NAVENG.SYS -- (NAVENG)

DRV - [2009/12/11 18:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2009/02/06 00:29:54 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/03/28 19:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/03/28 19:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/03/28 19:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2007/03/28 19:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2007/03/28 19:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2007/03/28 19:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/09/15 23:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/03/07 15:59:50 | 000,050,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2005/03/07 15:59:44 | 000,338,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS -- (SAVRT)

DRV - [2004/08/31 00:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)

DRV - [2004/08/31 00:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)

DRV - [2004/07/21 11:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2002/05/06 19:13:00 | 001,106,464 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem)

DRV - [2002/05/03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)

DRV - [2002/02/28 10:18:06 | 000,991,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV - [2002/02/28 10:17:24 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2002/02/28 10:17:14 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2002/02/28 10:16:58 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2002/02/28 10:16:56 | 000,195,268 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2002/02/28 10:16:44 | 000,834,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative EMU10K1/EMU10K2 Audio Driver (WDM)

DRV - [2002/02/28 10:15:12 | 000,114,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)

DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/

IE - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-21-1202660629-2139871995-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: sr-RS@dictionaries.addons.mozilla.org:0.18

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:18:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 21:39:39 | 000,000,000 | ---D | M]

[2009/02/05 23:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/20 17:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions

[2010/04/27 21:53:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/02/12 09:10:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/11/03 21:42:08 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\battlefieldheroespatcher@ea.com

[2011/04/21 15:06:01 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\battlefieldplay4free@ea.com

[2009/06/02 13:38:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\moveplayer@movenetworks.com

[2011/03/13 14:40:33 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\personas@christopher.beard

[2010/02/25 03:13:59 | 000,000,000 | ---D | M] (Serbian Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\sr-RS@dictionaries.addons.mozilla.org

[2011/05/21 09:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/15 19:59:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/30 18:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/14 09:46:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/30 23:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/04/19 18:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2010/06/15 19:59:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/06/27 21:18:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/12 11:47:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [GWMDMMSG] C:\WINDOWS\GWMDMMSG.exe (GTW)

O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PROMon.exe] C:\WINDOWS\System32\PROMon.exe (Intel Corporation)

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003..\Run: [Facebook Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)

O4 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (LANovation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1202660629-2139871995-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1202660629-2139871995-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1202660629-2139871995-725345543-1003\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/04/28 21:26:24 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2009/02/05 23:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/02/22 12:35:36 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 17:33:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/07/12 11:48:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/12 11:12:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/12 11:12:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/12 11:12:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/12 11:12:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/12 11:11:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/12 10:20:29 | 004,149,228 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2011/07/12 10:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller

[2011/07/11 15:13:32 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2011/07/11 00:57:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools

[2011/07/09 23:52:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/07/09 23:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/09 22:41:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\johndoe.exe

[2011/07/09 10:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2011/07/08 18:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp

[2011/07/08 18:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook

[2011/07/08 07:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/07/08 07:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/07/08 07:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/16 10:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009/02/05 23:39:26 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/07/12 17:20:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/07/12 15:48:06 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/12 11:50:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

[2011/07/12 11:47:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/12 11:47:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/12 11:46:30 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/12 11:46:30 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/12 11:46:30 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/12 11:46:30 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/12 08:41:48 | 004,149,228 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2011/07/11 18:48:01 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/11 15:14:25 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2011/07/11 12:52:35 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2011/07/11 00:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job

[2011/07/09 22:41:33 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\johndoe.exe

[2011/07/09 09:06:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/09 00:55:39 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

[2011/07/08 07:37:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/08 07:33:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/07/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GATEWAY_SYSTEM-Owner.job

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/16 10:40:41 | 000,493,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/16 10:40:41 | 000,084,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/16 10:29:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 11:12:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/12 11:12:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/12 11:12:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/12 11:12:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/12 11:12:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/11 15:17:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/07/08 18:43:36 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/08 18:43:34 | 000,000,976 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/08 07:36:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/08 07:33:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/06/01 15:04:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/04/30 02:07:09 | 000,339,314 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/04/29 10:07:23 | 000,339,314 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-2139871995-725345543-1003-0.dat

[2011/04/28 22:01:02 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2011/04/21 15:20:31 | 000,138,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011/04/21 15:20:09 | 000,234,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/11/25 00:32:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/21 19:00:55 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/11/21 19:00:48 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/11/21 19:00:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/11/20 03:16:56 | 000,156,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/05/03 10:21:06 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2010/03/06 20:47:21 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/29 22:27:11 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/12/29 21:25:52 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv

[2009/12/29 21:25:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe

[2009/11/01 12:52:01 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys

[2009/10/21 23:01:44 | 000,077,784 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/05 07:43:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll

[2009/10/05 07:07:52 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/05/05 19:07:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2009/03/29 20:08:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\studt.ini

[2009/03/29 19:49:06 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe

[2009/02/24 17:04:29 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009/02/15 17:46:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2009/02/15 13:30:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/02/12 09:49:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009/02/12 09:48:54 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/02/12 09:44:41 | 000,000,681 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/02/12 09:36:47 | 000,105,044 | ---- | C] () -- C:\WINDOWS\HPFins09.dat

[2009/02/12 09:36:47 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat

[2009/02/10 20:06:58 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/07 14:15:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/02/06 18:40:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/02/06 00:25:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/02/06 00:08:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2009/02/06 00:07:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat

[2009/02/06 00:07:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat

[2009/02/05 23:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/02/05 23:43:23 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL

[2009/02/05 23:43:23 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll

[2009/02/05 23:43:23 | 000,109,056 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE

[2009/02/05 23:43:23 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2009/02/05 23:43:23 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise32.ini

[2009/02/05 23:43:23 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini

[2009/02/05 23:40:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2009/02/05 23:39:28 | 000,034,917 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini

[2009/02/05 23:39:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/02/05 23:39:27 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2009/02/05 23:39:27 | 000,163,933 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/02/05 23:39:27 | 000,112,396 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2009/02/05 23:39:27 | 000,112,296 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat

[2009/02/05 23:39:27 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2009/02/05 23:39:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2009/02/05 23:39:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE

[2009/02/05 23:39:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE

[2009/02/05 23:39:26 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2009/02/05 23:30:13 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/02/05 23:30:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll

[2009/02/05 23:28:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/02/05 23:25:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/02/05 17:21:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/02/05 17:21:15 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll

[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll

[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2002/03/26 10:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll

[2001/08/05 00:00:00 | 000,000,136 | ---- | C] () -- C:\WINDOWS\winvdx.dll

[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1979/12/31 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[1979/12/31 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 19:00:00 | 000,493,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 19:00:00 | 000,084,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 19:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[1979/12/31 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/12 15:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/10/02 17:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/02/14 01:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2011/04/28 19:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes

[2009/11/21 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2010/05/03 09:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/11/22 02:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2009/05/05 19:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2010/11/09 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/04/25 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/16 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/24 19:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2011/04/21 20:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\111 Pix Ltd

[2011/05/12 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk

[2010/01/17 21:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bioshock

[2009/04/14 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Braid

[2010/02/14 09:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro

[2009/03/03 15:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dev-Cpp

[2011/04/28 19:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DraftSight

[2010/05/03 10:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeAudioPack

[2009/12/29 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameRanger

[2011/04/24 21:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IMSIDesign

[2009/04/16 08:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\McGraw-HillLicensing

[2009/11/27 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microchip

[2010/05/03 09:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound

[2010/12/02 23:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnLive App

[2009/12/06 03:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/11/22 02:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy

[2009/08/29 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Petroglyph

[2011/04/28 20:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw

[2010/11/22 02:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity

[2010/11/27 02:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XLink Kai

[2011/07/11 18:48:01 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/12 15:48:06 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/12 11:50:39 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[1998/10/13 09:25:14 | 000,005,248 | ---- | M] () -- C:\BRCDFIND.EXE

[2000/04/20 06:48:26 | 000,002,592 | ---- | M] () -- C:\CDEJECT.EXE

[2001/11/08 11:00:52 | 000,462,848 | ---- | M] (Gateway, Inc.) -- C:\INSERTCD.EXE

[1998/05/11 07:31:00 | 000,045,379 | ---- | M] () -- C:\SMARTDRV.EXE

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe

[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/27 21:18:33 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/27 21:18:33 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/27 21:18:33 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/27 21:18:36 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/27 21:18:36 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/27 21:18:36 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/30 05:30:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/27 21:18:33 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/27 21:18:33 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/27 21:18:33 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/27 21:18:36 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/27 21:18:36 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/27 21:18:36 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/30 05:30:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB63049$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F34493AA

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:449B81FC

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E138854D

@Alternate Data Stream - 1111 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:B6p8fxB0z2r2CCeDE9lnKFZY

@Alternate Data Stream - 1055 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8xNRneHyrbOIvVvCqbWKTHJZnQ9S

< End of report >

Extras.txt:

OTL Extras logfile created on: 7/12/2011 5:36:17 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 223.29 Mb Available Physical Memory | 43.67% Memory free

1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.51% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 128.00 Gb Total Space | 12.40 Gb Free Space | 9.68% Space Free | Partition Type: NTFS

Drive D: | 325.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY_SYSTEM | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-2139871995-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Steam\steamapps\stipli33\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\stipli33\source sdk base\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Steam\steamapps\stipli33\source sdk base 2007\hl2.exe" = C:\Program Files\Steam\steamapps\stipli33\source sdk base 2007\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Steam\steamapps\stipli33\insurgency\hl2.exe" = C:\Program Files\Steam\steamapps\stipli33\insurgency\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Diablo\diablo.exe" = C:\Diablo\diablo.exe:*:Enabled:Diablo -- (Blizzard Entertainment)

"C:\Documents and Settings\Owner\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Owner\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)

"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:steam -- (Valve Corporation)

"C:\Program Files\Steam\steamapps\vlada822002@yahoo.com\team fortress classic\hl.exe" = C:\Program Files\Steam\steamapps\vlada822002@yahoo.com\team fortress classic\hl.exe:*:Enabled:Team Fortress Classic -- (Valve)

"C:\Program Files\Steam\steamapps\vlada822002@yahoo.com\half-life\hl.exe" = C:\Program Files\Steam\steamapps\vlada822002@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)

"C:\UDK\UDK-2009-12\Binaries\Win32\UDK.exe" = C:\UDK\UDK-2009-12\Binaries\Win32\UDK.exe:*:Enabled:UDK -- (Epic Games, Inc.)

"C:\Program Files\Steam\steamapps\vlada822002@yahoo.com\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\vlada822002@yahoo.com\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Program Files\Steam\steamapps\common\portal 2\bin\SDKLauncher.exe" = C:\Program Files\Steam\steamapps\common\portal 2\bin\SDKLauncher.exe:*:Enabled:Portal 2 Authoring Tools - Beta -- ()

"C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe" = C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()

"C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)

"C:\WINDOWS\system32\HPZinw12.exe" = C:\WINDOWS\system32\HPZinw12.exe:*:Disabled:IEEE-1284.4-1999 Network Driver (Windows) -- (HP)

"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Disabled:DivX Update -- ()

"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Disabled:Java Update Checker -- (Sun Microsystems, Inc.)

"C:\Program Files\Norton SystemWorks\CfgWiz.exe" = C:\Program Files\Norton SystemWorks\CfgWiz.exe:*:Enabled:Symantec Internal Component -- (Symantec Corporation)

"C:\Program Files\Common Files\Symantec Shared\NMain.exe" = C:\Program Files\Common Files\Symantec Shared\NMain.exe:*:Enabled:Symantec Integrator -- (Symantec Corporation)

"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" = C:\Program Files\DAEMON Tools Pro\DTProAgent.exe:*:Disabled:DAEMON Tools Pro Agent -- (DT Soft Ltd)

"C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe" = C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe:*:Disabled:Hewlett-Packard Product Assistant -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Malwarebytes' Anti-Malware\jonfo.exe" = C:\Program Files\Malwarebytes' Anti-Malware\jonfo.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)

"C:\Program Files\Malwarebytes' Anti-Malware\johnfoo.exe" = C:\Program Files\Malwarebytes' Anti-Malware\johnfoo.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()

"C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe" = C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe:*:Enabled:DAEMON Tools Pro Shell Extensions Helper -- (DT Soft Ltd)

"C:\Program Files\Malwarebytes' Anti-Malware\johndoe.exe" = C:\Program Files\Malwarebytes' Anti-Malware\johndoe.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()

"C:\Program Files\Malwarebytes' Anti-Malware\magnum.com.exe" = C:\Program Files\Malwarebytes' Anti-Malware\magnum.com.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()

"C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe:*:Disabled:Facebook Installer -- (Facebook Inc.)

"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java Update Client Checker -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools

"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme

"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{2551F009-358A-4EA3-93A6-4DA7C7309B38}" = Wine LabelMaker from Stoney Creek Wine Press

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection

"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5783F2D7-0309-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2005 - English

"{5783F2D7-A004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2012 - English

"{5783F2D7-A004-0409-1002-0060B0CE6BBA}" = AutoCAD Architecture 2012 Language Pack - English

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities

"{6AEFC5D3-4B2F-4044-A4F9-E51F37820E70}" = MPLAB Tools v8.40

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005

"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More - Home

"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series

"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes

"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C61886F-D069-46EF-A58A-76B17415D0B0}" = Facebook Video Calling 1.0.0.7153

"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business

"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940

"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005

"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5

"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update

"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer

"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 2.6

"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant

"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg

"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update

"{EE7D7509-CC19-4DED-A439-F50B191C9E37}" = DraftSight

"{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}" = Motorola Phone Tools

"{F1FBF021-B965-42D3-BF63-D7A121B5490D}" = HelpSpot

"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012

"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack

"AC3Filter" = AC3Filter (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AutoCAD Architecture 2012 - English" = AutoCAD Architecture 2012 - English

"Autodesk DWF Viewer" = Autodesk DWF Viewer

"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012

"Battle.net" = Battle.net

"Call of Duty Dawnville Demo" = Call of Duty Dawnville Demo

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)

"Diablo" = Diablo

"Diablo II" = Diablo II

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"FilmOn HDi Player" = FilmOn HDi Player

"Fraps" = Fraps

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9

"Gateway Desktop Manager" = Gateway Desktop Manager

"Gateway IE Customizations" = Gateway IE Customizations

"GTW V.92 Voicemodem" = GTW V.92 Voicemodem

"Half-Life" = Half-Life

"HI-TIDE 3.15PL2" = HI-TIDE V3.15PL2

"HP Imaging Device Functions" = HP Imaging Device Functions 6.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0

"InstallShield_{6AEFC5D3-4B2F-4044-A4F9-E51F37820E70}" = MPLAB Tools v8.40

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)

"MPLAB C18 v3.34 Standard Evaluation" = MPLAB C18 v3.34 Standard Evaluation

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Natural Selection_is1" = Natural Selection 3.2

"nbi-alice-3.0.0.2.10" = Alice Application

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OnLive" = OnLive

"PCDoctor" = PC-Doctor for Windows

"PICC-18 9.63PL3" = HI-TECH C PRO for the PIC18 MCU Family V9.63PL3

"Plants vs. Zombies" = Plants vs. Zombies

"PROSet" = Intel® PRO Ethernet Adapter and Software

"PunkBusterSvc" = PunkBuster Services

"Sierra Utilities" = Sierra Utilities

"SmartDraw VP" = SmartDraw VP

"Steam App 10" = Counter-Strike

"Steam App 130" = Half-Life: Blue Shift

"Steam App 17700" = Insurgency

"Steam App 20" = Team Fortress Classic

"Steam App 218" = Source SDK Base - Orange Box

"Steam App 260" = Counter-Strike: Source Beta

"Steam App 30" = Day of Defeat

"Steam App 320" = Half-Life 2: Deathmatch

"Steam App 340" = Half-Life 2: Lost Coast

"Steam App 620" = Portal 2

"Steam App 629" = Portal 2 Authoring Tools - Beta

"SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005 (Symantec Corporation)

"The Extractor1.4.1" = The Extractor

"UDK-40817000-cfd9-4d91-80d0-2e9ec4da2025" = Unreal Development Kit: 2009-12

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-2139871995-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/12/2011 11:26:05 AM | Computer Name = GATEWAY_SYSTEM | Source = .NET Runtime 4.0 Error Reporting | ID = 1000

Description = Faulting application connect.service.contentservice.exe, version 2.0.90.0,

stamp 4d49aaf8, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482,

debug? 0, fault address 0x00012afb.

Error - 7/12/2011 12:12:42 PM | Computer Name = GATEWAY_SYSTEM | Source = Application Hang | ID = 1002

Description = Hanging application CSCRIPT.cfxxe, version 5.7.0.18066, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2011 12:12:43 PM | Computer Name = GATEWAY_SYSTEM | Source = Application Hang | ID = 1002

Description = Hanging application CSCRIPT.cfxxe, version 5.7.0.18066, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2011 12:22:02 PM | Computer Name = GATEWAY_SYSTEM | Source = .NET Runtime 4.0 Error Reporting | ID = 1000

Description = Faulting application connect.service.contentservice.exe, version 2.0.90.0,

stamp 4d49aaf8, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482,

debug? 0, fault address 0x00012afb.

Error - 7/12/2011 12:50:40 PM | Computer Name = GATEWAY_SYSTEM | Source = .NET Runtime 4.0 Error Reporting | ID = 1000

Description = Faulting application connect.service.contentservice.exe, version 2.0.90.0,

stamp 4d49aaf8, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482,

debug? 0, fault address 0x00012afb.

Error - 7/12/2011 12:54:54 PM | Computer Name = GATEWAY_SYSTEM | Source = Application Hang | ID = 1002

Description = Hanging application CSCRIPT.cfxxe, version 5.7.0.18066, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2011 12:56:16 PM | Computer Name = GATEWAY_SYSTEM | Source = Application Hang | ID = 1002

Description = Hanging application CSCRIPT.cfxxe, version 5.7.0.18066, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2011 1:00:22 PM | Computer Name = GATEWAY_SYSTEM | Source = Application Error | ID = 1000

Description = Faulting application hpqste08.exe, version 60.0.155.0, faulting module

hpzidr12.dll, version 10.1.1.2, fault address 0x00007019.

Error - 7/12/2011 1:48:06 PM | Computer Name = GATEWAY_SYSTEM | Source = Google Update | ID = 20

Description =

Error - 7/12/2011 4:48:05 PM | Computer Name = GATEWAY_SYSTEM | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 7/12/2011 11:26:10 AM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 7/12/2011 12:09:50 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 7/12/2011 12:10:52 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7034

Description = The Speed Disk service service terminated unexpectedly. It has done

this 1 time(s).

Error - 7/12/2011 12:15:04 PM | Computer Name = GATEWAY_SYSTEM | Source = PlugPlayManager | ID = 11

Description = The device Root\*PNPd042\0000 disappeared from the system without

first being prepared for removal.

Error - 7/12/2011 12:20:32 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Autodesk Content Service

service to connect.

Error - 7/12/2011 12:20:32 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7000

Description = The Autodesk Content Service service failed to start due to the following

error: %%1053

Error - 7/12/2011 12:20:32 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7000

Description = The PnkBstrA service failed to start due to the following error: %%2

Error - 7/12/2011 12:48:48 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Autodesk Content Service

service to connect.

Error - 7/12/2011 12:48:48 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7000

Description = The Autodesk Content Service service failed to start due to the following

error: %%1053

Error - 7/12/2011 12:48:48 PM | Computer Name = GATEWAY_SYSTEM | Source = Service Control Manager | ID = 7000

Description = The PnkBstrA service failed to start due to the following error: %%2

< End of report >


hi

Download aswMBR.exe to your desktop.

On completion of the scan

Click the FIXMBR

Save the log as before and post in your next reply

Next

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Hi,

aswMBR:

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software

Run date: 2011-07-13 07:52:14

-----------------------------

07:52:14.484 OS Version: Windows 5.1.2600 Service Pack 3

07:52:14.484 Number of processors: 1 586 0x204

07:52:14.484 ComputerName: GATEWAY_SYSTEM UserName: Owner

07:52:14.968 Initialize success

07:52:18.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

07:52:18.406 Disk 0 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152627MB BusType: 3

07:52:18.406 Disk 0 MBR read error 0

07:52:18.406 Disk 0 MBR scan

07:52:18.406 Disk 0 unknown MBR code

07:52:18.406 MBR BIOS signature not found 0

07:52:18.406 Disk 0 scanning sectors +268430085

07:52:18.406 Disk 0 scanning C:\WINDOWS\system32\drivers

07:52:29.625 Service scanning

07:52:30.562 Disk 0 trace - called modules:

07:52:30.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcx.sys >>UNKNOWN [0x82f90938]<<

07:52:30.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ed5ab8]

07:52:30.562 3 CLASSPNP.SYS[f8516fd7] -> nt!IofCallDriver -> \Device\0000006e[0x82f003b8]

07:52:30.562 5 ACPI.sys[f8362620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f08d98]

07:52:30.562 Scan finished successfully

07:52:32.437 Disk 0 MBR fix error

07:52:33.468 Disk 0 MBR fix error

07:52:39.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

07:52:39.328 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR3.txt"

MBRcheck:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000003d

Kernel Drivers (total 136):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806EF000 \WINDOWS\system32\hal.dll

0xF89B6000 \WINDOWS\system32\KDCOM.DLL

0xF88C6000 \WINDOWS\system32\BOOTVID.dll

0xF83A2000 spcx.sys

0xF89B8000 \WINDOWS\System32\Drivers\WMILIB.SYS

0xF838A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xF835C000 ACPI.sys

0xF834B000 pci.sys

0xF84B6000 ohci1394.sys

0xF84C6000 \WINDOWS\System32\DRIVERS\1394BUS.SYS

0xF84D6000 isapnp.sys

0xF89BA000 intelide.sys

0xF8736000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF84E6000 MountMgr.sys

0xF832C000 ftdisk.sys

0xF873E000 PartMgr.sys

0xF84F6000 VolSnap.sys

0xF8314000 atapi.sys

0xF8506000 disk.sys

0xF8516000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF82F4000 fltmgr.sys

0xF82E2000 sr.sys

0xF8526000 PxHelp20.sys

0xF82CB000 KSecDD.sys

0xF823E000 Ntfs.sys

0xF8211000 NDIS.sys

0xF81F7000 Mup.sys

0xF8536000 agp440.sys

0xF8566000 \SystemRoot\System32\DRIVERS\nic1394.sys

0xF8696000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF6C48000 \SystemRoot\System32\DRIVERS\nv4_mini.sys

0xF6C34000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF889E000 \SystemRoot\System32\DRIVERS\usbohci.sys

0xF6C10000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF88A6000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xF6BED000 \SystemRoot\System32\DRIVERS\e100b325.sys

0xF6B76000 \SystemRoot\system32\drivers\ctaud2k.sys

0xF6B52000 \SystemRoot\system32\drivers\portcls.sys

0xF86C6000 \SystemRoot\system32\drivers\drmk.sys

0xF6B2F000 \SystemRoot\system32\drivers\ks.sys

0xF6B16000 \SystemRoot\system32\drivers\ctoss2k.sys

0xF8A14000 \SystemRoot\System32\drivers\ctprxy2k.sys

0xF69AE000 \SystemRoot\System32\DRIVERS\GWMDM.sys

0xF88AE000 \SystemRoot\System32\Drivers\Modem.SYS

0xF86D6000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xF88B6000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF88BE000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xF8756000 \SystemRoot\System32\DRIVERS\fdc.sys

0xF86E6000 \SystemRoot\System32\DRIVERS\serial.sys

0xF7B3E000 \SystemRoot\System32\DRIVERS\serenum.sys

0xF699A000 \SystemRoot\System32\DRIVERS\parport.sys

0xF86F6000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF8706000 \SystemRoot\System32\DRIVERS\redbook.sys

0xF875E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF8716000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF8766000 \SystemRoot\System32\DRIVERS\usbuhci.sys

0xF6961000 \SystemRoot\System32\Drivers\a8bhepl1.SYS

0xF8AC2000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF8726000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xF788E000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xF694A000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF7BEA000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF7BDA000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF87CE000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF6939000 \SystemRoot\System32\DRIVERS\psched.sys

0xF7BCA000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF87D6000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF87DE000 \SystemRoot\System32\DRIVERS\raspti.sys

0xF7BBA000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF8A1A000 \SystemRoot\System32\DRIVERS\swenum.sys

0xF68DB000 \SystemRoot\System32\DRIVERS\update.sys

0xF7886000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF7B9A000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7B8A000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF8A1C000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xF4736000 \SystemRoot\system32\drivers\ha10kx2k.sys

0xF4725000 \SystemRoot\System32\drivers\ctac32k.sys

0xF470C000 \SystemRoot\System32\drivers\emupia2k.sys

0xF46ED000 \SystemRoot\System32\drivers\ctsfm2k.sys

0xF8966000 \SystemRoot\system32\drivers\MODEMCSA.sys

0xF87EE000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xF8A22000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF8A9C000 \SystemRoot\System32\Drivers\Null.SYS

0xF8A24000 \SystemRoot\System32\Drivers\Beep.SYS

0xF87FE000 \SystemRoot\System32\drivers\vga.sys

0xF8A26000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF8A28000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF8806000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF880E000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF897E000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xF46BA000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xF4661000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xF4621000 \SystemRoot\System32\Drivers\SYMTDI.SYS

0xF4604000 \??\C:\Program Files\Symantec\SYMEVENT.SYS

0xF45DC000 \SystemRoot\System32\DRIVERS\netbt.sys

0xF45BA000 \SystemRoot\System32\drivers\afd.sys

0xF7B6A000 \SystemRoot\System32\DRIVERS\netbios.sys

0xF45A7000 \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS

0xF457C000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xF450C000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xF8576000 \SystemRoot\System32\Drivers\Fips.SYS

0xF44E6000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xF85E6000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xF85F6000 \SystemRoot\System32\DRIVERS\arp1394.sys

0xF8616000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF81CF000 \SystemRoot\System32\DRIVERS\hidusb.sys

0xF8626000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

0xF8816000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS

0xF81CB000 \SystemRoot\System32\DRIVERS\mouhid.sys

0xF4406000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF8A30000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF7B4E000 \SystemRoot\System32\drivers\Dxapi.sys

0xF882E000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xF8BFA000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xBD413000 \SystemRoot\System32\ATMFD.DLL

0xB7F9A000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xB7D29000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xF8A54000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB7C24000 \SystemRoot\system32\drivers\wdmaud.sys

0xB7DCE000 \SystemRoot\system32\drivers\sysaudio.sys

0xB7533000 \SystemRoot\System32\DRIVERS\srv.sys

0xF8A04000 \??\C:\WINDOWS\System32\PfModNT.sys

0xF8896000 \??\C:\WINDOWS\System32\drivers\symlcbrd.sys

0xB71E3000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys

0xB6EE3000 \SystemRoot\System32\Drivers\HTTP.sys

0xB7393000 \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS

0xB6FB4000 \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS

0xB6D79000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

0xB6E1F000 \SystemRoot\System32\Drivers\SYMREDRV.SYS

0xB6AA6000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

0x10000000 \Program Files\DAEMON Tools Pro\Engine.dll

Processes (total 51):

0 System Idle Process

4 System

528 C:\WINDOWS\system32\smss.exe

660 csrss.exe

684 C:\WINDOWS\system32\winlogon.exe

732 C:\WINDOWS\system32\services.exe

744 C:\WINDOWS\system32\lsass.exe

892 C:\WINDOWS\system32\svchost.exe

968 svchost.exe

1008 C:\WINDOWS\system32\svchost.exe

1052 svchost.exe

1116 svchost.exe

1372 C:\WINDOWS\explorer.exe

1408 C:\WINDOWS\system32\spoolsv.exe

1484 svchost.exe

1516 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1656 C:\WINDOWS\system32\CTHELPER.EXE

1684 C:\WINDOWS\GWMDMMSG.exe

1692 C:\WINDOWS\system32\PROMon.exe

1700 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

1720 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

1824 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

1832 C:\Program Files\Common Files\Java\Java Update\jusched.exe

1848 C:\WINDOWS\system32\rundll32.exe

1872 C:\Program Files\iTunes\iTunesHelper.exe

176 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

336 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

404 C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe

924 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

1040 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

1188 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

1280 C:\Program Files\Java\jre6\bin\jqs.exe

1332 C:\WINDOWS\system32\NMSSvc.Exe

1448 C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE

856 C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

1596 C:\WINDOWS\system32\nvsvc32.exe

2000 daemonu.exe

2204 C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe

2240 C:\WINDOWS\system32\svchost.exe

2264 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2304 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

3088 C:\WINDOWS\system32\wscntfy.exe

3148 C:\Program Files\iPod\bin\iPodService.exe

3668 alg.exe

4092 C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

900 <unknown>

2776 C:\Program Files\Mozilla Firefox\firefox.exe

4064 C:\WINDOWS\system32\svchost.exe

3256 C:\WINDOWS\system32\HPZinw12.exe

188 C:\WINDOWS\system32\HPZipm12.exe

2004 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-00GVA0, Rev: 08.02D08

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


No, when I last checked it did not redirect me from google, so that is gone. I still don't have access to mbam, but I don't know if that's because I haven't reinstalled it since I used combofix. But it says I still don't have access to it. Other than that I don't notice any other problems.


Nothing to worry about, this file is indeed a clean one. I was hoping to get a copy of the infected one before, but I've already fixed it for you :P

Try reinstalling MBAM and see if that solves it.


I reinstalled MBAM and tried to run a quick scan ... and it worked!! YAY!!!!!! XD It ran and found one infection in the registry (PUM.Bad.Proxy), which it quarantined and deleted. So I have two questions: do you want me to post the log on here? And that bad proxy, is it a bad virus since it wasn't cleaned by combofix, or am I overthinking it?


Sure! here it is!

OTL logfile created on: 7/14/2011 6:51:30 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 194.19 Mb Available Physical Memory | 37.98% Memory free

1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.59% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 128.00 Gb Total Space | 12.51 Gb Free Space | 9.77% Space Free | Partition Type: NTFS

Drive D: | 325.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY_SYSTEM | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2011/05/25 01:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2009/02/06 00:29:54 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

PRC - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

PRC - [2008/01/17 12:42:02 | 000,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

PRC - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE

PRC - [2005/03/14 14:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe

PRC - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2004/08/31 00:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

PRC - [2004/08/31 00:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe

PRC - [2002/05/06 19:12:00 | 000,065,536 | ---- | M] (GTW) -- C:\WINDOWS\GWMDMMSG.exe

PRC - [2002/05/03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe

PRC - [2002/04/18 19:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PROMon.exe

PRC - [2002/02/07 19:01:24 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/25 01:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/12 15:09:31 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2011/04/28 21:59:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/02/06 00:29:54 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2009/02/05 23:34:03 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)

SRV - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2008/01/17 12:42:04 | 000,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2007/03/28 19:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/10/19 13:55:00 | 000,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)

SRV - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE -- (NPFMntor)

SRV - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)

SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/03/07 15:59:36 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)

SRV - [2004/08/31 00:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2004/08/31 00:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)

SRV - [2004/07/21 11:24:03 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2002/05/03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/11/28 11:24:03 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)

DRV - [2010/09/15 13:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20110709.001\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2010/02/14 01:25:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/12/14 10:16:26 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100203.004\NAVEX15.SYS -- (NAVEX15)

DRV - [2009/12/14 10:16:26 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100203.004\NAVENG.SYS -- (NAVENG)

DRV - [2009/12/11 18:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2009/02/06 00:29:54 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/03/28 19:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/03/28 19:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/03/28 19:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2007/03/28 19:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2007/03/28 19:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2007/03/28 19:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/09/15 23:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/03/07 15:59:50 | 000,050,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2005/03/07 15:59:44 | 000,338,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS -- (SAVRT)

DRV - [2004/08/31 00:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)

DRV - [2004/08/31 00:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)

DRV - [2004/07/21 11:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2002/05/06 19:13:00 | 001,106,464 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem)

DRV - [2002/05/03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)

DRV - [2002/02/28 10:18:06 | 000,991,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV - [2002/02/28 10:17:24 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2002/02/28 10:17:14 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2002/02/28 10:16:58 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2002/02/28 10:16:56 | 000,195,268 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2002/02/28 10:16:44 | 000,834,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative EMU10K1/EMU10K2 Audio Driver (WDM)

DRV - [2002/02/28 10:15:12 | 000,114,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)

DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: sr-RS@dictionaries.addons.mozilla.org:0.18

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:18:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 21:39:39 | 000,000,000 | ---D | M]

[2009/02/05 23:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/20 17:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions

[2010/04/27 21:53:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/02/12 09:10:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/11/03 21:42:08 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\battlefieldheroespatcher@ea.com

[2011/04/21 15:06:01 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\battlefieldplay4free@ea.com

[2009/06/02 13:38:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\moveplayer@movenetworks.com

[2011/03/13 14:40:33 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\personas@christopher.beard

[2010/02/25 03:13:59 | 000,000,000 | ---D | M] (Serbian Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\sr-RS@dictionaries.addons.mozilla.org

[2011/05/21 09:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/15 19:59:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/30 18:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/14 09:46:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/30 23:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/04/19 18:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2010/06/15 19:59:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/06/27 21:18:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/12 11:47:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [GWMDMMSG] C:\WINDOWS\GWMDMMSG.exe (GTW)

O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PROMon.exe] C:\WINDOWS\System32\PROMon.exe (Intel Corporation)

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)

O4 - HKCU..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (LANovation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/04/28 21:26:24 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2009/02/05 23:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/02/22 12:35:36 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 07:58:55 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/14 07:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/14 07:58:51 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/14 07:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2

[2011/07/12 17:33:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/07/12 11:48:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/12 11:12:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/12 11:12:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/12 11:12:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/12 11:12:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/12 11:11:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/12 10:20:29 | 004,149,228 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2011/07/12 10:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller

[2011/07/11 15:13:32 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2011/07/11 00:57:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools

[2011/07/09 23:52:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/07/09 23:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/09 22:41:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\johndoe.exe

[2011/07/09 10:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2011/07/08 18:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp

[2011/07/08 18:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook

[2011/07/08 07:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/07/08 07:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/07/08 07:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/16 10:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009/02/05 23:39:26 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 18:48:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/14 18:48:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/14 18:15:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

[2011/07/14 18:12:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/14 09:29:55 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/14 09:29:55 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/14 09:29:55 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/14 09:29:55 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/14 07:58:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/14 00:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job

[2011/07/13 17:51:34 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.zip

[2011/07/13 07:52:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/07/13 07:51:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

[2011/07/13 07:51:52 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/07/12 11:47:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/12 08:41:48 | 004,149,228 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2011/07/11 12:52:35 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2011/07/09 22:41:33 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\johndoe.exe

[2011/07/09 09:06:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/09 00:55:39 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

[2011/07/08 07:37:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/08 07:33:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/07/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GATEWAY_SYSTEM-Owner.job

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/16 10:40:41 | 000,493,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/16 10:40:41 | 000,084,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/16 10:29:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 07:58:55 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 17:51:34 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.zip

[2011/07/13 07:52:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

[2011/07/12 11:12:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/12 11:12:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/12 11:12:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/12 11:12:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/12 11:12:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/11 15:17:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/07/08 18:43:36 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/08 18:43:34 | 000,000,976 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/08 07:36:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/08 07:33:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/06/01 15:04:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/04/30 02:07:09 | 000,339,314 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/04/29 10:07:23 | 000,339,314 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-2139871995-725345543-1003-0.dat

[2011/04/28 22:01:02 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2011/04/21 15:20:31 | 000,138,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011/04/21 15:20:09 | 000,234,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/11/25 00:32:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/21 19:00:55 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/11/21 19:00:48 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/11/21 19:00:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/11/20 03:16:56 | 000,156,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/05/03 10:21:06 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2010/03/06 20:47:21 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/29 22:27:11 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/12/29 21:25:52 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv

[2009/12/29 21:25:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe

[2009/11/01 12:52:01 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys

[2009/10/21 23:01:44 | 000,077,784 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/05 07:43:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll

[2009/10/05 07:07:52 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/05/05 19:07:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2009/03/29 20:08:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\studt.ini

[2009/03/29 19:49:06 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe

[2009/02/24 17:04:29 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009/02/15 17:46:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2009/02/15 13:30:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/02/12 09:49:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009/02/12 09:48:54 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/02/12 09:44:41 | 000,000,681 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/02/12 09:36:47 | 000,105,044 | ---- | C] () -- C:\WINDOWS\HPFins09.dat

[2009/02/12 09:36:47 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat

[2009/02/10 20:06:58 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/07 14:15:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/02/06 18:40:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/02/06 00:25:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/02/06 00:08:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2009/02/06 00:07:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat

[2009/02/06 00:07:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat

[2009/02/05 23:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/02/05 23:43:23 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL

[2009/02/05 23:43:23 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll

[2009/02/05 23:43:23 | 000,109,056 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE

[2009/02/05 23:43:23 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2009/02/05 23:43:23 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise32.ini

[2009/02/05 23:43:23 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini

[2009/02/05 23:40:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2009/02/05 23:39:28 | 000,034,917 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini

[2009/02/05 23:39:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/02/05 23:39:27 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2009/02/05 23:39:27 | 000,163,933 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/02/05 23:39:27 | 000,112,396 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2009/02/05 23:39:27 | 000,112,296 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat

[2009/02/05 23:39:27 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2009/02/05 23:39:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2009/02/05 23:39:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE

[2009/02/05 23:39:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE

[2009/02/05 23:39:26 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2009/02/05 23:30:13 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/02/05 23:30:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll

[2009/02/05 23:28:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/02/05 23:25:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/02/05 17:21:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/02/05 17:21:15 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll

[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll

[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2002/03/26 10:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll

[2001/08/05 00:00:00 | 000,000,136 | ---- | C] () -- C:\WINDOWS\winvdx.dll

[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1979/12/31 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[1979/12/31 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 19:00:00 | 000,493,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 19:00:00 | 000,084,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 19:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[1979/12/31 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/12 15:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/10/02 17:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/02/14 01:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2011/04/28 19:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes

[2009/11/21 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2010/05/03 09:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/11/22 02:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2009/05/05 19:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2010/11/09 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/04/25 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/16 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/24 19:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2011/04/21 20:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\111 Pix Ltd

[2011/05/12 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk

[2010/01/17 21:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bioshock

[2009/04/14 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Braid

[2010/02/14 09:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro

[2009/03/03 15:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dev-Cpp

[2011/04/28 19:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DraftSight

[2010/05/03 10:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeAudioPack

[2009/12/29 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameRanger

[2011/04/24 21:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IMSIDesign

[2009/04/16 08:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\McGraw-HillLicensing

[2009/11/27 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microchip

[2010/05/03 09:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound

[2010/12/02 23:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnLive App

[2009/12/06 03:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/11/22 02:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy

[2009/08/29 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Petroglyph

[2011/04/28 20:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw

[2010/11/22 02:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity

[2010/11/27 02:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XLink Kai

[2011/07/14 18:48:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/14 18:48:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/14 18:15:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F34493AA

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:449B81FC

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E138854D

@Alternate Data Stream - 1111 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:B6p8fxB0z2r2CCeDE9lnKFZY

@Alternate Data Stream - 1055 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8xNRneHyrbOIvVvCqbWKTHJZnQ9S

< End of report >


hi

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    @Alternate Data Stream - 1111 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:B6p8fxB0z2r2CCeDE9lnKFZY
    @Alternate Data Stream - 1055 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8xNRneHyrbOIvVvCqbWKTHJZnQ9S

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

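The fix above works by copying the two suspicious "@Alternate Data Stream" lines straight out of the scan log into OTL's :OTL section, so that OTL deletes those streams. The script below is an added triage example, not code from this thread or from OTL itself: it parses the OTL alternate-data-stream lines into (size, host path, stream name), flags streams whose names look machine-generated while leaving known-benign streams such as Zone.Identifier alone, and re-emits the flagged ones in the exact line form the :OTL section accepts. The allow-list, the "8 or more alphanumerics, no dot" heuristic and the sample log (the six lines from the report above plus one constructed Zone.Identifier entry) are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List

# OTL prints one line per NTFS alternate data stream (ADS) in the form
#   @Alternate Data Stream - <size> bytes -> <file or folder path>:<stream name>
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

# Stream names that Windows and common software create legitimately.
# Assumption: a short allow-list for triage, not an exhaustive catalogue.
KNOWN_BENIGN_STREAMS = {"Zone.Identifier", "encryptable", "favicon", "SummaryInformation"}


@dataclass
class AdsEntry:
    size: int
    path: str      # host file or folder that carries the stream
    stream: str    # ADS name, i.e. the part after the last ':'
    suspicious: bool

    def otl_line(self) -> str:
        """Re-emit the entry in the form OTL's :OTL fix section accepts."""
        return f"@Alternate Data Stream - {self.size} bytes -> {self.path}:{self.stream}"


def split_target(target: str):
    """Split 'C:\\dir\\file:stream' into (path, stream). The drive letter also
    uses ':', so split on the last colon only and reject a result with no stream."""
    path, sep, stream = target.rpartition(":")
    if not sep or "\\" in stream:
        raise ValueError(f"no stream name in {target!r}")
    return path, stream


def looks_random(stream: str) -> bool:
    """Heuristic (assumption): 8+ alphanumerics with no dot or underscore,
    like the names in the log above ('05EE1EEF', 'B6p8fxB0z2r2CCeDE9lnKFZY')."""
    return re.fullmatch(r"[A-Za-z0-9]{8,}", stream) is not None


def parse_ads(lines) -> List[AdsEntry]:
    """Pick the ADS lines out of an OTL report and classify each one."""
    entries = []
    for line in lines:
        m = ADS_LINE.match(line.strip())
        if not m:
            continue  # headers, '< End of report >' and other sections are skipped
        size = int(m.group(1))
        path, stream = split_target(m.group(2))
        suspicious = stream not in KNOWN_BENIGN_STREAMS and looks_random(stream)
        entries.append(AdsEntry(size, path, stream, suspicious))
    return entries


def otl_fix_block(entries) -> str:
    """Build the :OTL section listing only the flagged streams, for review
    before anyone pastes it into OTL."""
    lines = [":OTL"] + [e.otl_line() for e in entries if e.suspicious]
    return "\n".join(lines)


# Constructed sample: ADS lines from the OTL log in this thread plus one
# benign Zone.Identifier stream (a hypothetical download) added for contrast.
SAMPLE_LOG = r"""
========== Alternate Data Streams ==========
@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F34493AA
@Alternate Data Stream - 1111 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:B6p8fxB0z2r2CCeDE9lnKFZY
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Owner\Desktop\setup.exe:Zone.Identifier
< End of report >
""".splitlines()

if __name__ == "__main__":
    found = parse_ads(SAMPLE_LOG)
    for e in found:
        print(("SUSPECT " if e.suspicious else "benign  ") + e.path + ":" + e.stream)
    print(otl_fix_block(found))
```

The heuristic only ranks what to look at; a stream that passes the allow-list still deserves a glance at its size and host path, and a flagged one can be confirmed by reading its content before it is removed.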

Hi, here it is:

OTL logfile created on: 7/15/2011 8:26:32 AM - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 145.01 Mb Available Physical Memory | 28.36% Memory free

1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.22% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 128.00 Gb Total Space | 12.58 Gb Free Space | 9.83% Space Free | Partition Type: NTFS

Drive D: | 325.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GATEWAY_SYSTEM | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2011/05/25 01:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/11/17 11:07:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe

PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2009/02/06 00:29:54 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

PRC - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

PRC - [2008/01/17 12:42:02 | 000,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

PRC - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE

PRC - [2005/03/14 14:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe

PRC - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2004/08/31 00:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

PRC - [2004/08/31 00:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe

PRC - [2002/05/06 19:12:00 | 000,065,536 | ---- | M] (GTW) -- C:\WINDOWS\GWMDMMSG.exe

PRC - [2002/05/03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe

PRC - [2002/04/18 19:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PROMon.exe

PRC - [2002/02/07 19:01:24 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/25 01:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/12 15:09:31 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2011/04/28 21:59:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/02/06 00:29:54 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2009/02/05 23:34:03 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)

SRV - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2008/01/17 12:42:04 | 000,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2007/03/28 19:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/10/19 13:55:00 | 000,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)

SRV - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE -- (NPFMntor)

SRV - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)

SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/03/07 15:59:36 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)

SRV - [2004/08/31 00:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2004/08/31 00:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)

SRV - [2004/07/21 11:24:03 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2002/05/03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/11/28 11:24:03 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)

DRV - [2010/09/15 13:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20110709.001\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2010/02/14 01:25:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/12/14 10:16:26 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100203.004\NAVEX15.SYS -- (NAVEX15)

DRV - [2009/12/14 10:16:26 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100203.004\NAVENG.SYS -- (NAVENG)

DRV - [2009/12/11 18:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2009/02/06 00:29:54 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/03/28 19:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/03/28 19:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/03/28 19:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2007/03/28 19:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2007/03/28 19:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2007/03/28 19:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/09/15 23:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/03/07 15:59:50 | 000,050,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2005/03/07 15:59:44 | 000,338,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS -- (SAVRT)

DRV - [2004/08/31 00:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)

DRV - [2004/08/31 00:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)

DRV - [2004/07/21 11:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2002/05/06 19:13:00 | 001,106,464 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem)

DRV - [2002/05/03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)

DRV - [2002/02/28 10:18:06 | 000,991,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV - [2002/02/28 10:17:24 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2002/02/28 10:17:14 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2002/02/28 10:16:58 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2002/02/28 10:16:56 | 000,195,268 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2002/02/28 10:16:44 | 000,834,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative EMU10K1/EMU10K2 Audio Driver (WDM)

DRV - [2002/02/28 10:15:12 | 000,114,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)

DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: sr-RS@dictionaries.addons.mozilla.org:0.18

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:18:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 21:39:39 | 000,000,000 | ---D | M]

[2009/02/05 23:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/05/20 17:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions

[2010/04/27 21:53:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/02/12 09:10:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/11/03 21:42:08 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\battlefieldheroespatcher@ea.com

[2011/04/21 15:06:01 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\battlefieldplay4free@ea.com

[2009/06/02 13:38:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\moveplayer@movenetworks.com

[2011/03/13 14:40:33 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\personas@christopher.beard

[2010/02/25 03:13:59 | 000,000,000 | ---D | M] (Serbian Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pchp5nbj.default\extensions\sr-RS@dictionaries.addons.mozilla.org

[2011/05/21 09:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/15 19:59:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/30 18:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/14 09:46:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/30 23:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/04/19 18:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2010/06/15 19:59:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/06/27 21:18:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/12 11:47:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [GWMDMMSG] C:\WINDOWS\GWMDMMSG.exe (GTW)

O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PROMon.exe] C:\WINDOWS\System32\PROMon.exe (Intel Corporation)

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)

O4 - HKCU..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (LANovation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/04/28 21:26:24 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2009/02/05 23:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/02/22 12:35:36 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 08:19:37 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/14 07:58:55 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/14 07:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/14 07:58:51 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/14 07:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2

[2011/07/12 17:33:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/07/12 11:48:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/12 11:12:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/12 11:12:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/12 11:12:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/12 11:12:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/12 11:11:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/12 10:20:29 | 004,149,228 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2011/07/12 10:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller

[2011/07/11 15:13:32 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2011/07/11 00:57:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools

[2011/07/09 23:52:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/07/09 23:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/09 22:41:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\johndoe.exe

[2011/07/09 10:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2011/07/08 18:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp

[2011/07/08 18:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook

[2011/07/08 07:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/07/08 07:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/07/08 07:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/16 10:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009/02/05 23:39:26 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/07/15 08:24:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

[2011/07/15 08:22:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/15 08:21:13 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/15 08:21:13 | 000,010,588 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/15 08:21:13 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/15 08:21:13 | 000,006,456 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx

[2011/07/15 00:48:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/15 00:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job

[2011/07/14 18:48:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/14 07:58:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 17:51:34 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.zip

[2011/07/13 07:52:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/07/13 07:51:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

[2011/07/13 07:51:52 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe

[2011/07/12 17:33:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/07/12 11:47:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/12 08:41:48 | 004,149,228 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2011/07/11 12:52:35 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2011/07/09 22:41:33 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\johndoe.exe

[2011/07/09 09:06:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/09 00:55:39 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

[2011/07/08 07:37:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/08 07:33:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/07/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GATEWAY_SYSTEM-Owner.job

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/16 10:40:41 | 000,493,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/16 10:40:41 | 000,084,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/16 10:29:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/07/14 07:58:55 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 17:51:34 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.zip

[2011/07/13 07:52:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

[2011/07/12 11:12:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/12 11:12:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/12 11:12:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/12 11:12:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/12 11:12:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/11 15:17:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/07/08 18:43:36 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/08 18:43:34 | 000,000,976 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/08 07:36:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/08 07:33:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/06/01 15:04:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/04/30 02:07:09 | 000,339,314 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/04/29 10:07:23 | 000,339,314 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-2139871995-725345543-1003-0.dat

[2011/04/28 22:01:02 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2011/04/21 15:20:31 | 000,138,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011/04/21 15:20:09 | 000,234,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/11/25 00:32:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/21 19:00:55 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/11/21 19:00:48 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/11/21 19:00:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/11/20 03:16:56 | 000,156,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/05/03 10:21:06 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2010/03/06 20:47:21 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/29 22:27:11 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/12/29 21:25:52 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv

[2009/12/29 21:25:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe

[2009/11/01 12:52:01 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys

[2009/10/21 23:01:44 | 000,077,784 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/05 07:43:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll

[2009/10/05 07:07:52 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2009/05/05 19:07:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2009/03/29 20:08:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\studt.ini

[2009/03/29 19:49:06 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe

[2009/02/24 17:04:29 | 000,000,580 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009/02/15 17:46:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2009/02/15 13:30:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/02/12 09:49:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009/02/12 09:48:54 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/02/12 09:44:41 | 000,000,681 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/02/12 09:36:47 | 000,105,044 | ---- | C] () -- C:\WINDOWS\HPFins09.dat

[2009/02/12 09:36:47 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat

[2009/02/10 20:06:58 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/07 14:15:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/02/06 18:40:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/02/06 00:25:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/02/06 00:08:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2009/02/06 00:07:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat

[2009/02/06 00:07:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat

[2009/02/05 23:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/02/05 23:43:23 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL

[2009/02/05 23:43:23 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll

[2009/02/05 23:43:23 | 000,109,056 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE

[2009/02/05 23:43:23 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2009/02/05 23:43:23 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise32.ini

[2009/02/05 23:43:23 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini

[2009/02/05 23:40:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2009/02/05 23:39:28 | 000,034,917 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini

[2009/02/05 23:39:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/02/05 23:39:27 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2009/02/05 23:39:27 | 000,163,933 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/02/05 23:39:27 | 000,112,396 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2009/02/05 23:39:27 | 000,112,296 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat

[2009/02/05 23:39:27 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2009/02/05 23:39:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2009/02/05 23:39:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE

[2009/02/05 23:39:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE

[2009/02/05 23:39:26 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2009/02/05 23:30:13 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/02/05 23:30:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll

[2009/02/05 23:28:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/02/05 23:25:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/02/05 17:21:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/02/05 17:21:15 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll

[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll

[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2002/03/26 10:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll

[2001/08/05 00:00:00 | 000,000,136 | ---- | C] () -- C:\WINDOWS\winvdx.dll

[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1979/12/31 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[1979/12/31 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 19:00:00 | 000,493,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 19:00:00 | 000,084,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 19:00:00 | 000,005,114 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[1979/12/31 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/05/12 15:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/10/02 17:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/02/14 01:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2011/04/28 19:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes

[2009/11/21 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2010/05/03 09:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/11/22 02:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2009/05/05 19:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2010/11/09 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/04/25 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/16 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/24 19:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2011/04/21 20:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\111 Pix Ltd

[2011/05/12 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk

[2010/01/17 21:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bioshock

[2009/04/14 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Braid

[2010/02/14 09:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro

[2009/03/03 15:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dev-Cpp

[2011/04/28 19:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DraftSight

[2010/05/03 10:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeAudioPack

[2009/12/29 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameRanger

[2011/04/24 21:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IMSIDesign

[2009/04/16 08:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\McGraw-HillLicensing

[2009/11/27 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microchip

[2010/05/03 09:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound

[2010/12/02 23:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnLive App

[2009/12/06 03:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/11/22 02:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy

[2009/08/29 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Petroglyph

[2011/04/28 20:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw

[2010/11/22 02:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity

[2010/11/27 02:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XLink Kai

[2011/07/14 18:48:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003Core.job

[2011/07/15 00:48:05 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-2139871995-725345543-1003UA.job

[2011/07/15 08:24:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F34493AA

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:449B81FC

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E138854D

< End of report >


hi

Congratulations, your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/
  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Click Here to learn how to keep a backup of your important files
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Thank you :)
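The hosts-file recommendation above works because Windows consults the hosts file before DNS: a blocklist such as MVPS maps unwanted names to the local machine, while a search-redirect infection abuses the same file in reverse, mapping well-known sites to a remote address. The script below is an added example written for this thread, not code from the helper or from MVPS. It parses a hosts file, separates harmless sinkhole entries (127.0.0.1 / 0.0.0.0 / ::1) from entries that send a name somewhere else, and flags any redirected name that appears on a small constructed watch list. The sample hosts content, the watch-list domains and the 198.51.100.23 address are all constructed for the demonstration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Addresses a blocklist-style hosts file (such as the MVPS one) legitimately
# points unwanted names at: the local machine, so the connection goes nowhere.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names whose hijacking would explain search redirects or blocked updates.
# Constructed watch list for this example, not taken from MVPS or the thread.
WATCHED_DOMAINS = {
    "www.google.com", "google.com", "www.bing.com",
    "windowsupdate.microsoft.com", "www.malwarebytes.org",
}


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for every active hosts entry.

    Comment lines (# ...) and blank lines are skipped; a trailing comment on an
    entry line is stripped before the fields are split on whitespace.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: an address with no hostname after it
        entries.append((lineno, fields[0], fields[1:]))
    return entries


def audit_hosts(text: str) -> Dict[str, list]:
    """Classify hosts entries as harmless sinkholes or suspicious redirections.

    - "sinkholed": hostnames mapped to a loopback/unspecified address, which is
      what a blocklist hosts file does on purpose.
    - "redirected": (line, hostname, address) for names sent anywhere else; a
      well-known site pointed at a remote IP is the classic hijack pattern.
    - "watched_hijacks": the subset of "redirected" naming a WATCHED_DOMAINS entry.
    - "malformed": entries whose address field is not a valid IPv4/IPv6 address.
    """
    report = {"sinkholed": [], "redirected": [], "watched_hijacks": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, addr, names))
            continue
        if addr in SINKHOLE_ADDRESSES:
            report["sinkholed"].extend(names)
            continue
        for name in names:
            entry = (lineno, name, addr)
            report["redirected"].append(entry)
            if name.lower() in WATCHED_DOMAINS:
                report["watched_hijacks"].append(entry)
    return report


# Constructed sample: blocklist-style lines plus two hijacked entries and one
# malformed line, so every branch of audit_hosts() is exercised.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-adnetwork.test   # blocklist-style entry
127.0.0.1       tracker.example.test
198.51.100.23   www.google.com               # hijack: search redirect
198.51.100.23   windowsupdate.microsoft.com  # hijack: blocks updates
not-an-ip       www.example.test
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for name in result["sinkholed"]:
        print(f"sinkholed  : {name}")
    for lineno, name, addr in result["redirected"]:
        flag = "  <-- WATCHED" if (lineno, name, addr) in result["watched_hijacks"] else ""
        print(f"redirected : line {lineno}: {name} -> {addr}{flag}")
    for lineno, addr, names in result["malformed"]:
        print(f"malformed  : line {lineno}: {addr} {' '.join(names)}")
```

To audit a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` and pass its contents to `audit_hosts()`; anything in "redirected" deserves a look, and anything in "watched_hijacks" is the pattern that produces exactly the search-redirect symptom described at the top of this thread. A clean default hosts file yields only a "localhost" sinkhole entry and nothing else.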


Hi!

I just finished cleaning my computer of the programs and I did an MBAM full scan for the hell of it and it found no infections!! :D Thank you sooooooo much for your excellent help; you have just been the best! My hat's off to you, sir!!

Thanks for the help,

Stipli :)
