
Thread: HJT log (Resolved)

  #31 | Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    Please rename Combofix to CleanMe and try running that now.

    If it still gives problems, please run the following.

    OTScanIt

    1. Please download OTS.exe by OldTimer and save it to your desktop.
    2. Double click on OTS.exe to run it.
    3. Under the Additional Scans section, put a check mark next to Reg - Uninstall List (you will need to scroll down).
    4. Click on the Run Scan button at the top left-hand corner.
    5. OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  #32 | Member | Join Date: Aug 2009 | Posts: 31

    Can't run Combofix, same blue screen.

    OTS runs though. The results (it's too long to post, so the results will be in 2 posts):

    [code]
    OTS logfile created on: 29/08/2009 14:07:07 - Run 1
    OTS by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.58% Memory free
    3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.25% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 179.03 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    bullguard.exe -> C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe -> [2009/08/23 10:38:26 | 00,304,464 | ---- | M] (BullGuard Ltd.)
    bullguardupdate.exe -> C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -> [2009/04/06 11:33:00 | 00,300,368 | ---- | M] (BullGuard Ltd.)
    dumeter.exe -> C:\Program Files\DU Meter\DUMeter.exe -> [2009/08/22 18:21:37 | 02,645,528 | ---- | M] (Hagel Technologies Ltd)
    dumetersvc.exe -> C:\Program Files\DU Meter\DUMeterSvc.exe -> [2009/08/22 18:21:37 | 01,386,008 | ---- | M] (Hagel Technologies Ltd)
    explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/07/03 10:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation)
    firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/07/31 00:39:42 | 00,908,280 | ---- | M] (Mozilla Corporation)
    groovemonitor.exe -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2006/10/27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
    jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/26 18:32:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    monitor.exe -> C:\WINDOWS\PixArt\PAC7302\Monitor.exe -> [2006/11/03 12:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation)
    msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2009/02/18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
    ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/08/28 22:53:08 | 00,514,048 | ---- | M] (OldTimer Tools)
    rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
    reader_sl.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
    rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2007/02/26 16:03:00 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.)
    skype.exe -> C:\Program Files\Skype\Phone\Skype.exe -> [2008/08/12 19:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
    skypepm.exe -> C:\Program Files\Skype\Plugin Manager\skypePM.exe -> [2008/08/12 19:19:02 | 00,076,744 | R--- | M] (Skype Technologies)
    tomtomhomeservice.exe -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2009/04/08 11:38:14 | 00,092,008 | ---- | M] (TomTom)
    unlockerassistant.exe -> C:\Program Files\Unlocker\UnlockerAssistant.exe -> [2008/05/02 01:15:46 | 00,015,872 | ---- | M] ()
    wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
    wdfmgr.exe -> C:\WINDOWS\System32\wdfmgr.exe -> [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
    winampa.exe -> C:\Program Files\Winamp\winampa.exe -> [2009/02/25 22:26:00 | 00,037,888 | ---- | M] ()
    wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2008/04/14 11:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation)

    [Win32 Services - Safe List]
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)
    (bglivesvc) BullGuard LiveUpdate [Win32_Own | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -> [2009/04/06 11:33:00 | 00,300,368 | ---- | M] (BullGuard Ltd.)
    (bgmainsvc) BullGuard Main Service [Win32_Shared | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -> [2009/08/23 10:38:26 | 00,079,184 | ---- | M] (BullGuard Ltd.)
    (bgrasvc) bgrasvc [Win32_Own | On_Demand | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe -> [2009/06/01 12:50:34 | 00,079,184 | ---- | M] (BullGuard Ltd.)
    (bsfilescan) BullGuard File Scan Service [Win32_Shared | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -> [2009/04/06 11:32:54 | 00,132,432 | ---- | M] (BullGuard Ltd.)
    (bsfire) BullGuard Firewall Service [Win32_Shared | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -> [2009/04/06 11:32:56 | 00,333,136 | ---- | M] (BullGuard Ltd.)
    (bsmailproxy) BullGuard Email Monitoring Service [Win32_Shared | Auto | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll -> [2009/04/16 13:20:18 | 00,087,376 | ---- | M] (BullGuard Ltd.)
    (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)
    (DUMeterSvc) DU Meter Service [Win32_Own | Auto | Running] -> C:\Program Files\DU Meter\DUMeterSvc.exe -> [2009/08/22 18:21:37 | 01,386,008 | ---- | M] (Hagel Technologies Ltd)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 11:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/26 18:32:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation)
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2009/02/18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
    (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
    (Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> [2007/04/22 21:29:34 | 00,088,824 | ---- | M] (Sonic Solutions)
    (Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -> [2007/04/22 21:29:32 | 00,359,160 | ---- | M] (Sonic Solutions)
    (RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> [2007/04/23 12:43:54 | 00,310,008 | ---- | M] (Sonic Solutions)
    (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/04/23 12:43:46 | 01,010,424 | ---- | M] (Sonic Solutions)
    (RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2007/04/23 12:43:54 | 00,166,648 | ---- | M] (Sonic Solutions)
    (TomTomHOMEService) TomTomHOMEService [Win32_Own | Auto | Running] -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2009/04/08 11:38:14 | 00,092,008 | ---- | M] (TomTom)
    (UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\wdfmgr.exe -> [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)

    [Driver Services - Safe List]
    (57852f5b) 57852f5b [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/27 19:53:30 | 00,000,000 | ---- | M] ()
    (afw) Agnitum firewall driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\afw.sys -> [2009/03/23 13:07:16 | 00,031,128 | R--- | M] (Agnitum Ltd.)
    (afwcore) afwcore [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\afwcore.sys -> [2009/03/23 13:07:16 | 00,257,304 | ---- | M] (Agnitum Ltd.)
    (Aspi32) Aspi32 [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\aspi32.sys -> [2006/02/25 15:13:06 | 00,016,877 | ---- | M] (Adaptec)
    (bdfilespy) BullGuard File Monitor Driver [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\BdFileSpy.sys -> [2009/01/23 14:48:56 | 00,055,504 | ---- | M] (BullGuard Ltd.)
    (DgiVecp) DgiVecp [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\DgiVecp.sys -> [2007/02/24 00:18:34 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.)
    (giveio) giveio [Kernel | Boot | Running] -> C:\WINDOWS\system32\giveio.sys -> [1996/04/03 20:33:26 | 00,005,248 | ---- | M] ()
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/14 11:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2007/03/01 18:27:00 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.)
    (nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2009/02/18 15:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation)
    (NVENETFD) NVIDIA nForce 10/100 Mbps Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -> [2008/12/30 12:29:33 | 00,054,784 | ---- | M] (NVIDIA Corporation)
    (nvgts) nvgts [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvgts.sys -> [2008/12/30 12:14:40 | 00,145,952 | ---- | M] (NVIDIA Corporation)
    (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -> [2008/12/30 12:29:33 | 00,022,016 | ---- | M] (NVIDIA Corporation)
    (PAC7302) PAC7302 VGA USB Camera [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\PAC7302.SYS -> [2007/06/14 16:29:08 | 00,457,856 | ---- | M] (PixArt Imaging Inc.)
    (Pnp680r) Silicon Image SiI 0680 Medley Raid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\pnp680r.sys -> [2002/05/31 17:35:02 | 00,076,976 | ---- | M] (Silicon Image, Inc)
    (profos) profos [Kernel | On_Demand | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -> [2009/08/23 10:38:27 | 00,014,720 | ---- | M] (BitDefender S.R.L.)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2008/04/14 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/08/20 18:58:58 | 00,044,944 | ---- | M] (Sonic Solutions)
    (RimUsb) BlackBerry Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\RimUsb.sys -> [2006/11/07 20:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited)
    (RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\RimSerial.sys -> [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd)
    (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\RootMdm.sys -> [2008/04/14 11:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/14 11:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (speedfan) speedfan [Kernel | Boot | Running] -> C:\WINDOWS\system32\speedfan.sys -> [2006/09/24 14:28:46 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider)
    (SysProtDrv.sys) SysProtDrv.sys [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\Administrator\Desktop\temp downloaded stuff\SysProt\SysProt\SysProtDrv.sys -> [2009/08/28 18:32:21 | 00,044,288 | ---- | M] ()
    (trufos) trufos [Kernel | On_Demand | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys -> [2009/08/23 10:38:27 | 00,039,808 | ---- | M] (BitDefender S.R.L.)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2008/04/14 01:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation)
    (wceusbsh) Windows CE USB Serial Host Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -> [2006/11/06 19:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
    HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\b1seu9e4.default\prefs.js ->
    browser.search.selectedEngine -> "Answers.com" ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    extensions.enabledItems -> {FDE180A3-C4F5-4D5A-B889-16C2669E1E61}:1.0 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\extensions -> ->
    HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/05/26 18:32:10 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\extensions\\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61}] -> [2009/08/22 18:49:56 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX ->
    HKLM\software\mozilla\mozilla firefox 3.5.2\extensions -> ->
    HKLM\software\mozilla\mozilla firefox 3.5.2\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\mozilla firefox 3.5.2\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2009/03/07 18:01:40 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/03/07 18:01:40 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\home2@tomtom.com -> [2009/03/07 18:01:40 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\b1seu9e4.default\extensions -> [2009/08/24 21:45:23 | 00,101,571 | ---- | M] ()
    < FireFox Extensions [Program Folders] > ->
    -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/07/31 00:39:42 | 10,728,440 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/07/31 00:39:42 | 10,728,440 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/07/31 00:39:42 | 10,728,440 | ---- | M] (Mozilla Foundation)
    < FireFox Components [Program Folders] > ->
    C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
    browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/07/31 00:39:43 | 00,023,544 | ---- | M] (Mozilla Foundation)
    brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/07/31 00:39:43 | 00,137,208 | ---- | M] (Mozilla Foundation)
    < FireFox Plugins [Program Folders] > ->
    C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
    npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/05/26 18:32:10 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
    npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/07/31 00:39:43 | 00,065,016 | ---- | M] (mozilla.org)
    NPOFF12.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
    nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
    < FireFox SearchPlugins [Program Folders] > ->
    C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
    amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2009/07/30 23:24:36 | 00,001,538 | ---- | M] ()
    answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/31 00:39:40 | 00,002,193 | ---- | M] ()
    chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2009/07/30 23:24:36 | 00,000,947 | ---- | M] ()
    creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/31 00:39:40 | 00,001,534 | ---- | M] ()
    eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2009/07/30 23:24:36 | 00,000,769 | ---- | M] ()
    google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/31 00:39:40 | 00,002,371 | ---- | M] ()
    wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/31 00:39:40 | 00,001,178 | ---- | M] ()
    yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2009/07/30 23:24:36 | 00,000,831 | ---- | M] ()
    Hosts file not found -> ->
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask.com Toolbar] -> [2009/04/02 19:50:28 | 00,809,864 | ---- | M] (Ask.com)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask.com Toolbar] -> [2009/04/02 19:50:28 | 00,809,864 | ---- | M] (Ask.com)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
    "Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 19:43:00 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
    "avast!" -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> File not found
    "AVG8_TRAY" -> C:\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> File not found
    "BullGuard" -> C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe ["C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot] -> [2009/08/23 10:38:26 | 00,304,464 | ---- | M] (BullGuard Ltd.)
    "GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006/10/27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
    "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/02/18 15:44:00 | 13,680,640 | ---- | M] (NVIDIA Corporation)
    "NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/02/18 15:44:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
    "PAC7302_Monitor" -> C:\WINDOWS\PixArt\PAC7302\Monitor.exe [C:\WINDOWS\PixArt\PAC7302\Monitor.exe] -> [2006/11/03 12:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation)
    "RoxWatchTray" -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2007/04/23 12:43:50 | 00,228,088 | ---- | M] (Sonic Solutions)
    "RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/02/26 16:03:00 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.)
    "SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 19:04:00 | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.)
    "UnlockerAssistant" -> C:\Program Files\Unlocker\UnlockerAssistant.exe [C:\Program Files\Unlocker\UnlockerAssistant.exe -H] -> [2008/05/02 01:15:46 | 00,015,872 | ---- | M] ()
    "WinampAgent" -> C:\Program Files\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2009/02/25 22:26:00 | 00,037,888 | ---- | M] ()
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "BullGuard" -> C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe ["C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"] -> [2009/08/23 10:38:26 | 00,304,464 | ---- | M] (BullGuard Ltd.)
    "DU Meter" -> C:\Program Files\DU Meter\DUMeter.exe [C:\Program Files\DU Meter\DUMeter.exe] -> [2009/08/22 18:21:37 | 02,645,528 | ---- | M] (Hagel Technologies Ltd)
    "H/PC Connection Agent" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"] -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
    "msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "Skype" -> C:\Program Files\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008/08/12 19:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer
    \\"Windows Update Menu Text" -> [Microsoft Update] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" -> [1] -> File not found
    \\"NoDesktopCleanupWizard" -> [1] -> File not found
    \\"NoCDBurning" -> [0] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"DisableStatusMessages" -> [0] -> File not found
    \\"VerboseStatus" -> [0] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoResolveTrack" -> [1] -> File not found
    \\"LinkResolveIgnoreLinkInfo" -> [1] -> File not found
    \\"NoResolveSearch" -> [1] -> File not found
    \\"NoLowDiskSpaceChecks" -> [1] -> File not found
    \\"NoInstrumentation" -> [1] -> File not found
    \\"NoStartMenuMFUprogramsList" -> [1] -> File not found
    \\"ClearRecentDocsOnExit" -> [1] -> File not found
    \\"NoFolderOptions" -> [0] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"DisableRegistryTools" -> [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {dfb852a3-47f8-48c4-a200-58cab36fd2a2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{dfb852a3-47f8-48c4-a200-58cab36fd2a2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
    1 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 194.168.4.100 194.168.8.100 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {C1AB0E24-EBEF-4145-AFB1-CD3C7E046FEA}\\DhcpNameServer -> 194.168.4.100 194.168.8.100 (NVIDIA nForce 10/100 Mbps Ethernet ) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/07/03 10:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    avgrsstarter -> -> File not found
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 01:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 11:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 11:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 11:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 11:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2006/10/27 16:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2006/10/27 16:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2006/10/27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/08/12 19:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/03/04 22:02:01 | 00,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{b5b1da9e-3d86-11de-957b-001bfc4adb54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b1da9e-3d86-11de-957b-001bfc4adb54}\Shell\AutoRun\command
    \{b5b1da9e-3d86-11de-957b-001bfc4adb54}\Shell\AutoRun\command\\"" -> K:\InstallTomTomHOME.exe [K:\InstallTomTomHOME.exe] -> File not found

    [Registry - Additional Scans - Safe List]
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
    {0AAA9C97-74D4-47CE-B089-0B147EF3553C} -> Windows Live Messenger
    {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
    {2184D9EA-4E5B-43FD-914E-4563CF028C94} -> MetalGearSolid2 Substance
    {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
    {26A24AE4-039D-4CA4-87B4-2F83216013FF} -> Java(TM) 6 Update 13
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
    {3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
    {45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
    {4B35F00C-E63D-40DC-9839-DF15A33EAC46} -> Grand Theft Auto Vice City
    {4F6F5C1E-F109-4A58-8F43-9A1039CDAFC9} -> Zumtobel - Product Explorer 6.0
    {56582EEA-3AEF-4D84-8B9D-C87A3CD9250F} -> GetDataBack for NTFS
    {5C57D058-8EEE-4C8D-81A9-1D8D11F4A48F} -> Crystal reports 9.0 for Contractor Pro
    {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> Skype™ 3.8
    {60C18308-6FD1-47AF-8185-B4AFEF2E24EF} -> Contractor Pro
    {66D171AA-670F-4309-9C74-5BA7F7DBA0B3} -> Roxio Media Manager
    {67E4EE98-59F4-4220-89A6-A20AF5BEC689} -> Microsoft AutoRoute 2005
    {6B2C675E-8040-431B-99C4-137DF4FBF75A} -> Thermal Analysis Tool
    {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0
    {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
    {86D4B82A-ABED-442A-BE86-96357B70F4FE} -> Ask Toolbar
    {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} -> TomTom HOME Visual Studio Merge Modules
    {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
    {90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12
    {90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
    {90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
    {90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
    {90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
    {90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
    {90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
    {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
    {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
    {90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
    {90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
    {90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
    {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663} ->
    {90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
    {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
    {90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
    {90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
    {90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
    {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
    {90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
    {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
    {98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D} -> BlackBerry Desktop Software 4.2.2
    {99052DB7-9592-4522-A558-5417BBAD48EE} -> Microsoft ActiveSync
    {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
    {AC76BA86-7AD7-1033-7B44-A81300000003} -> Adobe Reader 8.1.3
    {b4092c6d-e886-4cb2-ba68-fe5a88d31de6}_is1 -> Spybot - Search & Destroy
    {B8EE8264-238C-430A-9D5F-DB9139B09364} -> Thorn - Product Explorer 6.0
    {BC35DF5E-7682-40F9-8FF0-737D8C568F7D} -> Philips Product Selector 1.0.2
    {C6CA8874-5F22-4AF0-9BE3-016BF299C536} -> Windows Live Essentials
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
    {CC411126-8CDE-4B7C-950F-4197C931B0C8} -> ML-1510_700 Series
    {D417C96A-FCC7-4590-A1BB-FAF73F5BC98E} -> GTA San Andreas
    {DF9A6075-9308-4572-8932-A4316243C4D9} -> Brother P-touch Editor 5.0
    {E670CC9A-7CD2-4BB8-9485-6324EFAC137C} -> PhotoLux
    {E6B87DC4-2B3D-4483-ADFF-E483BF718991} -> OpenOffice.org 3.1
    {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
    {F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
    32fsu32_is1 -> File Scavenger 3.2 (English)
    Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
    age of empires 2.0 -> Microsoft Age of Empires II
    Audacity 1.3 Beta (Unicode)_is1 -> Audacity 1.3.3 (Unicode)
    BitLord -> BitLord 1.1
    BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D} -> BlackBerry Desktop Software 4.2.2
    BullGuard -> BullGuard 8.5
    Cable-Mate 3.3 -> Cable-Mate 3.3
    ccleaner -> CCleaner (remove only)
    Clik 3 -> Clik 3
    DUMeter3_is1 -> DU Meter
    EAGLE 5.6.0 -> EAGLE 5.6.0
    EasyCert -> EasyCert
    ENTERPRISE -> Microsoft Office Enterprise 2007
    FileZilla Client -> FileZilla Client 3.2.6
    hijackthis -> HijackThis 2.0.2
    InstallShield_{BC35DF5E-7682-40F9-8FF0-737D8C568F7D} -> Philips Product Selector 1.0.2
    InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9} -> Brother P-touch Editor 5.0
    LAME for Audacity_is1 -> LAME v3.98.2 for Audacity
    Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0
    mozilla firefox (3.5.2) -> Mozilla Firefox (3.5.2)
    NVIDIA Drivers -> NVIDIA Drivers
    PDF Editor 2 -> PDF Editor 2
    PrimoPDF4.1.0.9 -> PrimoPDF
    Samsung CLX-216x Series -> Samsung CLX-216x Series
    SpeedFan -> SpeedFan (remove only)
    SystemRequirementsLab -> System Requirements Lab
    TomTom HOME -> TomTom HOME 2.6.2.1586
    Tysoft PDF_is1 -> Tysoft PDF (novaPDF 6.2 printer)
    Winamp -> Winamp
    Windows Media Format Runtime -> Windows Media Format Runtime
    WinLiveSuite_Wave3 -> Windows Live Essentials
    WinRAR archiver -> WinRAR archiver

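As an added example, not part of either post above and not a tool from OldTimer: a small Python triage script for an OTS log of the kind pasted in this thread. It parses the `name -> path -> [stamp | size | attrs | C/M] (company)` entry format and the `< ... >` registry sub-sections, then flags the things a helper would read first: Winlogon\Notify or ShellExecuteHooks entries reported as `File not found` (orphaned autostarts), `Shell\AutoRun\command` values under MountPoints2 (removable-media autorun), zero-byte `.sys` files, hidden+system executables with no company string, and executables sitting in `%windir%\Temp`. The sample input is constructed from lines copied out of this thread's log (including the "Part 2" file listing in the next post); the rules and their thresholds are my own assumptions, not anything OTS applies, and a hit means "look at this", not "this is malware".

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the OTS log in this thread, mixed so the
# parser sees both registry-scan entries and the file-listing format.
SAMPLE_LOG = r'''
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    avgrsstarter -> -> File not found
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 01:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{b5b1da9e-3d86-11de-957b-001bfc4adb54}\Shell\AutoRun\command\\"" -> K:\InstallTomTomHOME.exe [K:\InstallTomTomHOME.exe] -> File not found

    [Files/Folders - Created Within 30 Days]
    NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/08/27 21:57:06 | 00,031,232 | ---- | C] (NirSoft)
    57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/22 18:46:16 | 00,000,000 | ---- | C] ()
    E88D4.exe -> C:\WINDOWS\E88D4.exe -> [2009/08/22 18:30:48 | 00,005,095 | -HS- | C] ()
    [Files/Folders - Modified Within 30 Days]
    vpcimxnoqx.exe -> C:\WINDOWS\Temp\vpcimxnoqx.exe -> [2009/08/27 22:21:01 | 00,061,440 | ---- | M] (Microsoft Corporation)
    pesvbqmois.exe -> C:\WINDOWS\Temp\pesvbqmois.exe -> [2009/08/26 18:21:28 | 00,092,160 | ---- | M] ()
'''

# One OTS file entry: name -> path [optional description] -> [stamp | size | attrs | C/M] (company)
FILE_ENTRY = re.compile(
    r"^\s*(?P<name>[^\r\n]+?) -> "
    r"(?P<path>[A-Z]:\\[^\[\]\r\n]*?)(?: \[[^\]]*\])? -> "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [CM]\] \((?P<company>[^)]*)\)\s*$"
)
# Registry sub-section header, e.g. "< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> ..."
SECTION = re.compile(r"^\s*< (?P<title>[^>]+?) >")

EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")
# Autostart sections where a dangling entry is itself worth a look (assumption: my choice).
ORPHAN_SECTIONS = ("Winlogon\\Notify", "ShellExecuteHooks")


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXTS)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (item, reason) pairs for OTS entries that deserve manual follow-up."""
    findings: List[Tuple[str, str]] = []
    section = ""
    for line in log_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        hdr = SECTION.match(line)
        if hdr:
            section = hdr.group("title")
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped          # e.g. "[Files/Folders - Created Within 30 Days]"
            continue
        # MountPoints2 autorun: "...\Shell\AutoRun\command\\"" -> K:\something.exe [K:\...] -> ..."
        if "\\Shell\\AutoRun\\command" in stripped and " -> " in stripped:
            target = stripped.split(" -> ", 1)[1].split(" [", 1)[0]
            findings.append((target, "removable-media autorun command in MountPoints2"))
            continue
        # Autostart hook whose target no longer exists: the value itself is leftover to clean.
        if stripped.endswith("File not found") and any(s in section for s in ORPHAN_SECTIONS):
            findings.append((stripped.split(" -> ", 1)[0], "orphaned autostart entry (%s)" % section))
            continue
        m = FILE_ENTRY.match(line)
        if not m:
            continue
        path, attrs, company = m.group("path"), m.group("attrs"), m.group("company")
        size = int(m.group("size").replace(",", ""))
        low = path.lower()
        if not is_executable(low):
            continue
        if low.endswith(".sys") and size == 0:
            findings.append((path, "zero-byte driver file"))
        if "\\windows\\temp\\" in low:
            findings.append((path, "executable in %windir%\\Temp"))
        if "H" in attrs and "S" in attrs and not company:
            findings.append((path, "hidden+system executable with no company string"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print("%-55s %s" % (item, reason))
```

Two caveats when reading the output. The company string OTS prints comes from the file's version resource, which any file can carry, so `(Microsoft Corporation)` on an executable in `C:\WINDOWS\Temp` is not evidence of anything; hits need a hash lookup or an Authenticode check before they are acted on. And `File not found` is only treated as a finding inside the autostart sections: a relative service `ImagePath` such as the `system32\DRIVERS\cdrom.sys` line in the log is resolved against `%SystemRoot%` by the service controller, so OTS reporting it as not found says nothing on its own.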
  3. #33
    Member
    Join Date
    Aug 2009
    Posts
    31

    Default

    Part 2 of OTS log


    [Files/Folders - Created Within 30 Days]
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp ->
    CleanMe -> C:\CleanMe -> [2009/08/29 14:02:54 | 00,000,000 | --SD | C]
    CF17295.exe -> C:\WINDOWS\System32\CF17295.exe -> [2009/08/29 14:02:53 | 00,389,120 | ---- | C] (Microsoft Corporation)
    CF17149.exe -> C:\WINDOWS\System32\CF17149.exe -> [2009/08/29 14:02:08 | 00,389,120 | ---- | C] (Microsoft Corporation)
    Recent -> C:\Documents and Settings\Administrator\Recent -> [2009/08/29 13:00:26 | 00,000,000 | RH-D | C]
    hiberfil.sys -> C:\hiberfil.sys -> [2009/08/29 11:51:43 | 21,468,16000 | -HS- | C] ()
    OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/08/28 22:53:07 | 00,514,048 | ---- | C] (OldTimer Tools)
    Bookmarks 2009-08-28.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-28.json -> [2009/08/28 22:32:02 | 00,073,761 | ---- | C] ()
    ComboFix -> C:\ComboFix -> [2009/08/28 18:13:35 | 00,000,000 | --SD | C]
    CF13640.exe -> C:\WINDOWS\System32\CF13640.exe -> [2009/08/28 18:13:34 | 00,389,120 | ---- | C] (Microsoft Corporation)
    CF12990.exe -> C:\WINDOWS\System32\CF12990.exe -> [2009/08/28 18:10:07 | 00,389,120 | ---- | C] (Microsoft Corporation)
    CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe -> [2009/08/28 18:09:07 | 03,188,248 | R--- | C] ()
    CF14402.exe -> C:\WINDOWS\System32\CF14402.exe -> [2009/08/28 15:30:11 | 00,389,120 | ---- | C] (Microsoft Corporation)
    CF14225.exe -> C:\WINDOWS\System32\CF14225.exe -> [2009/08/28 15:29:18 | 00,389,120 | ---- | C] (Microsoft Corporation)
    CF13416.exe -> C:\WINDOWS\System32\CF13416.exe -> [2009/08/28 15:25:11 | 00,389,120 | ---- | C] (Microsoft Corporation)
    Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2009/08/27 22:11:23 | 00,000,000 | ---D | C]
    malware.lnk -> C:\Documents and Settings\All Users\Desktop\malware.lnk -> [2009/08/27 22:11:22 | 00,000,696 | ---- | C] ()
    mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/08/27 22:11:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
    mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/08/27 22:11:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/08/27 22:11:18 | 00,000,000 | ---D | C]
    Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/08/27 22:11:18 | 00,000,000 | ---D | C]
    CF5798.exe -> C:\WINDOWS\System32\CF5798.exe -> [2009/08/27 22:02:52 | 00,389,120 | ---- | C] (Microsoft Corporation)
    Boot.bak -> C:\Boot.bak -> [2009/08/27 21:58:14 | 00,000,232 | ---- | C] ()
    cmldr -> C:\cmldr -> [2009/08/27 21:58:09 | 00,260,272 | ---- | C] ()
    cmdcons -> C:\cmdcons -> [2009/08/27 21:58:08 | 00,000,000 | RHSD | C]
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/08/27 21:57:06 | 00,229,376 | ---- | C] ()
    SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/08/27 21:57:06 | 00,212,480 | ---- | C] (SteelWerX)
    SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/08/27 21:57:06 | 00,161,792 | ---- | C] (SteelWerX)
    SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/08/27 21:57:06 | 00,136,704 | ---- | C] (SteelWerX)
    sed.exe -> C:\WINDOWS\sed.exe -> [2009/08/27 21:57:06 | 00,098,816 | ---- | C] ()
    grep.exe -> C:\WINDOWS\grep.exe -> [2009/08/27 21:57:06 | 00,080,412 | ---- | C] ()
    zip.exe -> C:\WINDOWS\zip.exe -> [2009/08/27 21:57:06 | 00,068,096 | ---- | C] ()
    NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/08/27 21:57:06 | 00,031,232 | ---- | C] (NirSoft)
    ERDNT -> C:\WINDOWS\ERDNT -> [2009/08/27 21:56:49 | 00,000,000 | ---D | C]
    CF4609.exe -> C:\WINDOWS\System32\CF4609.exe -> [2009/08/27 21:56:47 | 00,389,120 | ---- | C] (Microsoft Corporation)
    Qoobox -> C:\Qoobox -> [2009/08/27 21:56:40 | 00,000,000 | ---D | C]
    rsit -> C:\rsit -> [2009/08/27 19:37:50 | 00,000,000 | ---D | C]
    HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/08/25 12:36:27 | 00,001,734 | ---- | C] ()
    Trend Micro -> C:\Program Files\Trend Micro -> [2009/08/25 12:36:27 | 00,000,000 | ---D | C]
    Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2009/08/24 21:45:19 | 00,001,602 | ---- | C] ()
    bookmarkbackups -> C:\Documents and Settings\Administrator\Desktop\bookmarkbackups -> [2009/08/24 21:40:21 | 00,000,000 | ---D | C]
    Bookmarks 2009-08-24.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-24.json -> [2009/08/24 21:39:31 | 00,074,646 | ---- | C] ()
    CCleaner.lnk -> C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk -> [2009/08/23 23:07:51 | 00,001,548 | ---- | C] ()
    CCleaner -> C:\Program Files\CCleaner -> [2009/08/23 23:07:51 | 00,000,000 | ---D | C]
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/08/23 22:18:18 | 00,002,334 | ---- | C] ()
    Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2009/08/23 22:06:38 | 00,000,933 | ---- | C] ()
    Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/08/23 22:06:35 | 00,000,000 | ---D | C]
    Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/08/23 22:06:35 | 00,000,000 | ---D | C]
    Age of Empires II.lnk -> C:\Documents and Settings\Administrator\Desktop\Age of Empires II.lnk -> [2009/08/23 17:24:34 | 00,001,819 | ---- | C] ()
    Microsoft Games -> C:\Program Files\Microsoft Games -> [2009/08/23 17:22:51 | 00,000,000 | ---D | C]
    Your Company Name -> C:\Program Files\Your Company Name -> [2009/08/23 16:57:38 | 00,000,000 | ---D | C]
    ntuser.pol -> C:\Documents and Settings\Administrator\ntuser.pol -> [2009/08/23 13:47:36 | 00,000,452 | RHS- | C] ()
    GroupPolicy -> C:\WINDOWS\System32\GroupPolicy -> [2009/08/23 13:46:49 | 00,000,000 | -H-D | C]
    pss -> C:\WINDOWS\pss -> [2009/08/23 10:09:31 | 00,000,000 | ---D | C]
    BullGuard -> C:\Documents and Settings\All Users\Application Data\BullGuard -> [2009/08/22 20:27:31 | 00,000,000 | ---D | C]
    BullGuard -> C:\Documents and Settings\Administrator\Application Data\BullGuard -> [2009/08/22 20:27:29 | 00,000,000 | ---D | C]
    BullGuard.lnk -> C:\Documents and Settings\All Users\Desktop\BullGuard.lnk -> [2009/08/22 20:27:23 | 00,000,838 | ---- | C] ()
    Alwil Software -> C:\Program Files\Alwil Software -> [2009/08/22 19:34:53 | 00,000,000 | ---D | C]
    AVG -> C:\Program Files\AVG -> [2009/08/22 18:53:25 | 00,000,000 | ---D | C]
    Snuhacokuvomuy.dat -> C:\WINDOWS\Snuhacokuvomuy.dat -> [2009/08/22 18:49:57 | 00,000,120 | ---- | C] ()
    {FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> [2009/08/22 18:49:56 | 00,000,000 | ---D | C]
    57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/22 18:46:16 | 00,000,000 | ---- | C] ()
    E88D4.exe -> C:\WINDOWS\E88D4.exe -> [2009/08/22 18:30:48 | 00,005,095 | -HS- | C] ()
    Hagel Technologies -> C:\Documents and Settings\All Users\Application Data\Hagel Technologies -> [2009/08/22 18:21:58 | 00,000,000 | ---D | C]
    DU Meter -> C:\Program Files\DU Meter -> [2009/08/22 18:21:56 | 00,000,000 | ---D | C]
    METAL GEAR SOLID2 SUBSTANCE.lnk -> C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk -> [2009/08/22 18:11:41 | 00,000,972 | ---- | C] ()
    KONAMI -> C:\Program Files\KONAMI -> [2009/08/22 18:04:28 | 00,000,000 | ---D | C]
    Microsoft AutoRoute.lnk -> C:\Documents and Settings\Administrator\Desktop\Microsoft AutoRoute.lnk -> [2009/08/03 22:39:07 | 00,002,399 | ---- | C] ()
    Microsoft AutoRoute -> C:\Program Files\Microsoft AutoRoute -> [2009/08/03 19:56:22 | 00,000,000 | ---D | C]
    AskToolbar -> C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar -> [2009/08/01 19:21:38 | 00,000,000 | ---D | C]
    Backup - Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Backup - Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,589 | ---- | C] ()
    Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,577 | ---- | C] ()
    SdoEng100.dll -> C:\WINDOWS\System32\SdoEng100.dll -> [2009/08/01 16:47:50 | 00,532,480 | ---- | C] (Sage (UK) Limited)
    SdoEng90.dll -> C:\WINDOWS\System32\SdoEng90.dll -> [2009/08/01 16:47:50 | 00,507,904 | ---- | C] (Sage (UK) Limited)
    SdoEng80.dll -> C:\WINDOWS\System32\SdoEng80.dll -> [2009/08/01 16:47:50 | 00,471,040 | ---- | C] (Sage (UK) Limited)
    SdoEng70.dll -> C:\WINDOWS\System32\SdoEng70.dll -> [2009/08/01 16:47:50 | 00,454,656 | ---- | C] (The Sage Group plc)
    SGRegister.dll -> C:\WINDOWS\System32\SGRegister.dll -> [2009/08/01 16:47:50 | 00,122,880 | ---- | C] (Sage Software Limited)
    Sgdt32.dll -> C:\WINDOWS\System32\Sgdt32.dll -> [2009/08/01 16:47:50 | 00,073,728 | ---- | C] ()
    SdoEng110.dll -> C:\WINDOWS\System32\SdoEng110.dll -> [2009/08/01 16:47:48 | 01,089,536 | ---- | C] (Sage (UK) Limited)
    SDOApp.dll -> C:\WINDOWS\System32\SDOApp.dll -> [2009/08/01 16:47:48 | 00,253,952 | ---- | C] ()
    Sdoeng.dll -> C:\WINDOWS\System32\Sdoeng.dll -> [2009/08/01 16:47:48 | 00,227,840 | ---- | C] (The Sage Group plc)
    Sgcom32.dll -> C:\WINDOWS\System32\Sgcom32.dll -> [2009/08/01 16:47:48 | 00,086,016 | ---- | C] ()
    SdoEng120.dll -> C:\WINDOWS\System32\SdoEng120.dll -> [2009/08/01 16:47:46 | 02,785,280 | ---- | C] (Sage (UK) Limited)
    Clik -> C:\Program Files\Clik -> [2009/08/01 16:47:21 | 00,000,000 | ---D | C]
    GECKOS.INI -> C:\WINDOWS\GECKOS.INI -> [2009/06/19 18:50:27 | 00,000,070 | ---- | C] ()
    sdsip.dll -> C:\WINDOWS\System32\sdsip.dll -> [2009/04/30 16:29:16 | 00,000,010 | ---- | C] ()
    easycert.INI -> C:\WINDOWS\easycert.INI -> [2009/04/15 18:54:19 | 00,000,028 | ---- | C] ()
    WBHelps21.dll -> C:\WINDOWS\System32\WBHelps21.dll -> [2009/04/15 18:44:03 | 00,000,008 | ---- | C] ()
    PTQL5F.DLL -> C:\WINDOWS\System32\PTQL5F.DLL -> [2009/03/22 15:08:44 | 00,061,440 | ---- | C] ()
    PTQL5L.INI -> C:\WINDOWS\System32\PTQL5L.INI -> [2009/03/22 15:08:44 | 00,001,235 | ---- | C] ()
    SP7302.INI -> C:\WINDOWS\System32\SP7302.INI -> [2009/03/14 22:00:09 | 00,000,566 | ---- | C] ()
    DLPORTIO.SYS -> C:\WINDOWS\System32\drivers\DLPORTIO.SYS -> [2009/03/14 11:48:48 | 00,003,584 | ---- | C] ()
    cx21sl3.dll -> C:\WINDOWS\System32\cx21sl3.dll -> [2009/03/12 17:57:07 | 00,022,723 | ---- | C] ()
    Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2009/03/07 20:08:55 | 00,176,235 | ---- | C] ()
    nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2009/02/18 15:44:00 | 01,724,416 | ---- | C] ()
    nview.dll -> C:\WINDOWS\System32\nview.dll -> [2009/02/18 15:44:00 | 01,507,328 | ---- | C] ()
    nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2009/02/18 15:44:00 | 01,101,824 | ---- | C] ()
    nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2009/02/18 15:44:00 | 00,466,944 | ---- | C] ()
    primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2008/04/28 18:13:33 | 00,000,310 | ---- | C] ()
    CopyToSendTo.dll -> C:\WINDOWS\System32\CopyToSendTo.dll -> [2008/04/14 11:00:00 | 00,061,440 | ---- | C] ()
    las31l71.dll -> C:\WINDOWS\las31l71.dll -> [2008/04/14 11:00:00 | 00,045,056 | ---- | C] ()
    win.ini -> C:\WINDOWS\win.ini -> [2008/04/14 11:00:00 | 00,000,800 | ---- | C] ()
    system.ini -> C:\WINDOWS\system.ini -> [2008/04/14 11:00:00 | 00,000,227 | ---- | C] ()
    HMTCD.dll -> C:\WINDOWS\System32\HMTCD.dll -> [2003/09/23 13:40:34 | 00,394,240 | ---- | C] ()
    iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [1997/06/14 01:56:08 | 00,056,832 | ---- | C] ()
    giveio.sys -> C:\WINDOWS\System32\giveio.sys -> [1996/04/03 20:33:26 | 00,005,248 | ---- | C] ()

    [Files/Folders - Modified Within 30 Days]
    7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
    nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2009/08/29 14:05:14 | 00,212,641 | ---- | M] ()
    Perflib_Perfdata_7f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat -> [2009/08/29 14:05:12 | 00,016,384 | ---- | M] ()
    SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/08/29 14:04:30 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/08/29 14:04:28 | 00,002,048 | --S- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2009/08/29 14:04:27 | 21,468,16000 | -HS- | M] ()
    CF17295.exe -> C:\WINDOWS\System32\CF17295.exe -> [2009/08/29 14:02:42 | 00,389,120 | ---- | M] (Microsoft Corporation)
    CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe -> [2009/08/29 14:02:28 | 03,188,248 | R--- | M] ()
    CF17149.exe -> C:\WINDOWS\System32\CF17149.exe -> [2009/08/29 14:01:57 | 00,389,120 | ---- | M] (Microsoft Corporation)
    Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2009/08/29 14:01:00 | 00,000,250 | ---- | M] ()
    NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2009/08/29 13:00:38 | 04,456,448 | -H-- | M] ()
    ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2009/08/28 23:03:06 | 00,000,178 | -HS- | M] ()
    OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/08/28 22:53:08 | 00,514,048 | ---- | M] (OldTimer Tools)
    Perflib_Perfdata_768.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_768.dat -> [2009/08/28 22:48:21 | 00,016,384 | ---- | M] ()
    Bookmarks 2009-08-28.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-28.json -> [2009/08/28 22:32:02 | 00,073,761 | ---- | M] ()
    Perflib_Perfdata_25c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat -> [2009/08/28 22:08:31 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_624.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_624.dat -> [2009/08/28 21:48:32 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_170.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_170.dat -> [2009/08/28 19:41:47 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_308.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_308.dat -> [2009/08/28 19:33:34 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_7f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f4.dat -> [2009/08/28 18:18:15 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_614.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_614.dat -> [2009/08/28 18:16:17 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_704.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_704.dat -> [2009/08/28 18:16:13 | 00,016,384 | ---- | M] ()
    CF13640.exe -> C:\WINDOWS\System32\CF13640.exe -> [2009/08/28 18:13:23 | 00,389,120 | ---- | M] (Microsoft Corporation)
    CF12990.exe -> C:\WINDOWS\System32\CF12990.exe -> [2009/08/28 18:10:03 | 00,389,120 | ---- | M] (Microsoft Corporation)
    CF14402.exe -> C:\WINDOWS\System32\CF14402.exe -> [2009/08/28 15:30:00 | 00,389,120 | ---- | M] (Microsoft Corporation)
    CF14225.exe -> C:\WINDOWS\System32\CF14225.exe -> [2009/08/28 15:29:07 | 00,389,120 | ---- | M] (Microsoft Corporation)
    CF13416.exe -> C:\WINDOWS\System32\CF13416.exe -> [2009/08/28 15:24:59 | 00,389,120 | ---- | M] (Microsoft Corporation)
    vpcimxnoqx.exe -> C:\WINDOWS\Temp\vpcimxnoqx.exe -> [2009/08/27 22:21:01 | 00,061,440 | ---- | M] (Microsoft Corporation)
    malware.lnk -> C:\Documents and Settings\All Users\Desktop\malware.lnk -> [2009/08/27 22:11:22 | 00,000,696 | ---- | M] ()
    index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/08/27 22:06:25 | 00,032,768 | ---- | M] ()
    index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/08/27 22:06:25 | 00,016,384 | ---- | M] ()
    index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/08/27 22:06:25 | 00,016,384 | ---- | M] ()
    CF5798.exe -> C:\WINDOWS\System32\CF5798.exe -> [2009/08/27 22:02:40 | 00,389,120 | ---- | M] (Microsoft Corporation)
    boot.ini -> C:\boot.ini -> [2009/08/27 21:58:14 | 00,000,302 | RHS- | M] ()
    CF4609.exe -> C:\WINDOWS\System32\CF4609.exe -> [2009/08/27 21:56:36 | 00,389,120 | ---- | M] (Microsoft Corporation)
    57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/27 19:53:30 | 00,000,000 | ---- | M] ()
    Perflib_Perfdata_630.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_630.dat -> [2009/08/27 19:50:07 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_638.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_638.dat -> [2009/08/27 19:44:40 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_188.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_188.dat -> [2009/08/27 19:33:13 | 00,016,384 | ---- | M] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/08/27 19:10:09 | 00,002,206 | ---- | M] ()
    pesvbqmois.exe -> C:\WINDOWS\Temp\pesvbqmois.exe -> [2009/08/26 18:21:28 | 00,092,160 | ---- | M] ()
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/08/25 12:56:31 | 00,002,334 | ---- | M] ()
    ritnvrabvp.exe -> C:\WINDOWS\Temp\ritnvrabvp.exe -> [2009/08/25 12:47:45 | 00,096,256 | ---- | M] ()
    HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/08/25 12:36:27 | 00,001,734 | ---- | M] ()
    pool.bin -> C:\WINDOWS\System32\pool.bin -> [2009/08/25 12:33:18 | 00,000,256 | ---- | M] ()
    Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2009/08/24 21:45:19 | 00,001,602 | ---- | M] ()
    Bookmarks 2009-08-24.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-24.json -> [2009/08/24 21:39:31 | 00,074,646 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/08/24 17:39:05 | 00,100,944 | ---- | M] ()
    FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/08/24 17:29:38 | 00,370,488 | ---- | M] ()
    IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/08/23 23:12:07 | 03,706,996 | -H-- | M] ()
    CCleaner.lnk -> C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk -> [2009/08/23 23:07:51 | 00,001,548 | ---- | M] ()
    Snuhacokuvomuy.dat -> C:\WINDOWS\Snuhacokuvomuy.dat -> [2009/08/23 22:19:49 | 00,000,120 | ---- | M] ()
    Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2009/08/23 22:06:38 | 00,000,933 | ---- | M] ()
    Age of Empires II.lnk -> C:\Documents and Settings\Administrator\Desktop\Age of Empires II.lnk -> [2009/08/23 17:24:34 | 00,001,819 | ---- | M] ()
    ntuser.pol -> C:\Documents and Settings\Administrator\ntuser.pol -> [2009/08/23 14:27:28 | 00,000,452 | RHS- | M] ()
    Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [2009/08/23 10:16:22 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_908.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_908.dat -> [2009/08/23 10:15:57 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_af0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_af0.dat -> [2009/08/23 10:12:53 | 00,016,384 | ---- | M] ()
    win.ini -> C:\WINDOWS\win.ini -> [2009/08/23 10:10:42 | 00,000,800 | ---- | M] ()
    Boot.bak -> C:\Boot.bak -> [2009/08/23 10:10:42 | 00,000,232 | ---- | M] ()
    system.ini -> C:\WINDOWS\system.ini -> [2009/08/23 10:10:42 | 00,000,227 | ---- | M] ()
    Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [2009/08/23 10:00:25 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_824.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_824.dat -> [2009/08/23 10:00:20 | 00,016,384 | ---- | M] ()
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/08/23 03:09:13 | 00,229,376 | ---- | M] ()
    CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/08/22 20:35:38 | 00,002,577 | ---- | M] ()
    BullGuard.lnk -> C:\Documents and Settings\All Users\Desktop\BullGuard.lnk -> [2009/08/22 20:27:23 | 00,000,838 | ---- | M] ()
    setupeng.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_av_inet.tm~a05532\setupeng.exe -> [2009/08/22 19:32:39 | 37,778,896 | ---- | M] ()
    trialkey.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\trialkey.dat -> [2009/08/22 19:18:46 | 00,000,070 | ---- | M] ()
    avgdm85_packmap_free_0409.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_packmap_free_0409.dat -> [2009/08/22 19:18:35 | 00,003,022 | ---- | M] ()
    freekeys.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\freekeys.dat -> [2009/08/22 19:18:35 | 00,000,529 | ---- | M] ()
    avgdm85_prodmap_pro_0409.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_prodmap_pro_0409.dat -> [2009/08/22 19:18:29 | 00,002,911 | ---- | M] ()
    avgdm85_prodmap_free_0409.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_prodmap_free_0409.dat -> [2009/08/22 19:18:29 | 00,002,911 | ---- | M] ()
    avgdm85_prodmap_sals_0356.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_prodmap_sals_0356.dat -> [2009/08/22 19:18:29 | 00,002,910 | ---- | M] ()
    avgrsa.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsa.exe -> [2009/08/22 18:53:29 | 01,013,528 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgrsx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsx.exe -> [2009/08/22 18:53:29 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgrssta.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrssta.dll -> [2009/08/22 18:53:29 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgrsstx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsstx.dll -> [2009/08/22 18:53:29 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcorex.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcorex.dll -> [2009/08/22 18:53:28 | 02,062,104 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcsrvx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcsrvx.exe -> [2009/08/22 18:53:28 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcrlpx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcrlpx.dll -> [2009/08/22 18:53:28 | 00,070,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcclix.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcclix.dll -> [2009/08/22 18:53:27 | 00,418,072 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgclitx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgclitx.dll -> [2009/08/22 18:53:27 | 00,390,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgsea.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\36\avgsea.dll -> [2009/08/22 18:53:27 | 00,188,184 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgse.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\36\avgse.dll -> [2009/08/22 18:53:27 | 00,114,968 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgxch32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\11\avgxch32.dll -> [2009/08/22 18:53:26 | 00,354,072 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgoff2k.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\7\avgoff2k.dll -> [2009/08/22 18:53:26 | 00,264,984 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgscanx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgscanx.exe -> [2009/08/22 18:53:25 | 00,761,624 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgvvx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgvvx.dll -> [2009/08/22 18:53:25 | 00,515,864 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgwdwsc.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgwdwsc.dll -> [2009/08/22 18:53:25 | 00,423,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgscanx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgscanx.dll -> [2009/08/22 18:53:25 | 00,339,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgmvflx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgmvflx.dll -> [2009/08/22 18:53:25 | 00,305,944 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avg7api.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avg7api.dll -> [2009/08/22 18:53:25 | 00,222,488 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgmail.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgmail.dll -> [2009/08/22 18:53:25 | 00,177,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgxpl.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgxpl.dll -> [2009/08/22 18:52:01 | 01,008,920 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcmgr.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcmgr.exe -> [2009/08/22 18:52:01 | 00,845,080 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avglvex.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglvex.dll -> [2009/08/22 18:52:01 | 00,197,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
    sporder.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\sporder.dll -> [2009/08/22 18:52:01 | 00,008,464 | ---- | M] (Microsoft Corporation)
    sb2.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\sb2.dat -> [2009/08/22 18:52:01 | 00,002,588 | ---- | M] ()
    cf.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\cf.dat -> [2009/08/22 18:52:01 | 00,000,204 | ---- | M] ()
    ph.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\ph.dat -> [2009/08/22 18:52:01 | 00,000,120 | ---- | M] ()
    avgwd.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgwd.dll -> [2009/08/22 18:52:00 | 01,262,368 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgssie.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgssie.dll -> [2009/08/22 18:52:00 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
    dbghelp.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\dbghelp.dll -> [2009/08/22 18:52:00 | 01,045,128 | ---- | M] (Microsoft Corporation)
    avgssff.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgssff.dll -> [2009/08/22 18:52:00 | 01,033,496 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgsrmx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsrmx.dll -> [2009/08/22 18:52:00 | 00,681,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgnsx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgnsx.exe -> [2009/08/22 18:52:00 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgsched.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsched.dll -> [2009/08/22 18:52:00 | 00,530,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgtbapi.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtbapi.dll -> [2009/08/22 18:52:00 | 00,493,848 | ---- | M] (AVG Technologies CZ, s.r.o.)
    fixcfg.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\fixcfg.exe -> [2009/08/22 18:52:00 | 00,423,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgsrmax.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsrmax.exe -> [2009/08/22 18:52:00 | 00,341,272 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgwdsvc.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgwdsvc.exe -> [2009/08/22 18:52:00 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    dfncfg.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\dfncfg.dat -> [2009/08/22 18:52:00 | 00,088,863 | ---- | M] ()
    avgpp.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgpp.dll -> [2009/08/22 18:52:00 | 00,087,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgupd.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgupd.dll -> [2009/08/22 18:51:59 | 01,475,352 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgapix.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgapix.dll -> [2009/08/22 18:51:59 | 01,262,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgupd.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgupd.exe -> [2009/08/22 18:51:59 | 01,165,592 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcfgx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcfgx.dll -> [2009/08/22 18:51:59 | 00,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avginet.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avginet.dll -> [2009/08/22 18:51:59 | 00,758,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgcfgex.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcfgex.exe -> [2009/08/22 18:51:59 | 00,730,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgiproxy.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgiproxy.exe -> [2009/08/22 18:51:59 | 00,587,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avglogx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglogx.dll -> [2009/08/22 18:51:59 | 00,337,176 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avglngx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglngx.dll -> [2009/08/22 18:51:59 | 00,310,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgamnot.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgamnot.dll -> [2009/08/22 18:51:59 | 00,271,640 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgdumpx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgdumpx.exe -> [2009/08/22 18:51:59 | 00,100,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
    setup.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\setup.exe -> [2009/08/22 18:51:58 | 03,299,608 | ---- | M] (AVG Technologies CZ, s.r.o.)
    setup.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\setup.dat -> [2009/08/22 18:51:58 | 01,092,424 | ---- | M] ()
    avgui.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgui.exe -> [2009/08/22 18:51:57 | 03,497,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avguires.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avguires.dll -> [2009/08/22 18:51:57 | 02,808,600 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avguiadv.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avguiadv.dll -> [2009/08/22 18:51:57 | 02,308,888 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgtray.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtray.exe -> [2009/08/22 18:51:57 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgresf.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgresf.dll -> [2009/08/22 18:51:56 | 02,352,920 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgfrw.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgfrw.exe -> [2009/08/22 18:51:56 | 01,217,816 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgabout.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgabout.dll -> [2009/08/22 18:51:56 | 01,209,112 | ---- | M] (AVG Technologies CZ, s.r.o.)
    afuinst64.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\afuinst64.dat -> [2009/08/22 18:51:56 | 00,317,440 | ---- | M] ()
    E88D4.exe -> C:\WINDOWS\E88D4.exe -> [2009/08/22 18:46:02 | 00,005,095 | -HS- | M] ()
    qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/08/22 18:38:27 | 00,005,371 | ---- | M] ()
    qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/08/22 18:37:28 | 00,006,510 | ---- | M] ()
    METAL GEAR SOLID2 SUBSTANCE.lnk -> C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk -> [2009/08/22 18:11:41 | 00,000,972 | ---- | M] ()
    Perflib_Perfdata_7fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7fc.dat -> [2009/08/22 09:29:24 | 00,016,384 | ---- | M] ()
    Excel 2007.lnk -> C:\Documents and Settings\Administrator\Desktop\Excel 2007.lnk -> [2009/08/18 17:11:37 | 00,002,473 | ---- | M] ()
    PrimoPDFSet.xml -> C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml -> [2009/08/17 17:20:51 | 00,006,491 | ---- | M] ()
    Microsoft Office Access 2007.lnk -> C:\Documents and Settings\Administrator\Desktop\Microsoft Office Access 2007.lnk -> [2009/08/13 15:58:43 | 00,002,471 | ---- | M] ()
    Word 2007.lnk -> C:\Documents and Settings\Administrator\Desktop\Word 2007.lnk -> [2009/08/06 12:51:46 | 00,002,515 | ---- | M] ()
    Microsoft AutoRoute.lnk -> C:\Documents and Settings\Administrator\Desktop\Microsoft AutoRoute.lnk -> [2009/08/03 22:39:09 | 00,002,399 | ---- | M] ()
    mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
    mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
    Backup - Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Backup - Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,589 | ---- | M] ()
    Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,577 | ---- | M] ()
    opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2009/03/12 19:23:56 | 00,008,206 | ---- | M] ()
    avenger.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.547\avenger.exe -> [2008/05/30 23:09:46 | 00,731,136 | ---- | M] ()
    < End of report >
    [/code]

  4. #34
    Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    Open OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Unregister Dlls]
    [Driver Services - Safe List]
    YN -> (57852f5b) 57852f5b [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\57852f5b.sys
    [Registry - Safe List]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "avast!" -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]
    YN -> "AVG8_TRAY" -> C:\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe]
    YN -> "UnlockerAssistant" -> C:\Program Files\Unlocker\UnlockerAssistant.exe [C:\Program Files\Unlocker\UnlockerAssistant.exe -H]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> [Reg Error: Key error.]
    YN -> CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> [Reg Error: Key error.]
    YN -> CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> [Reg Error: Key error.]
    YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
    YN -> CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.]
    YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
    [Registry - Additional Scans - Safe List]
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    YN -> {86D4B82A-ABED-442A-BE86-96357B70F4FE} -> Ask Toolbar
    [Files/Folders - Created Within 30 Days]
    NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> 1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp
    NY -> CleanMe -> C:\CleanMe
    NY -> CF17295.exe -> C:\WINDOWS\System32\CF17295.exe
    NY -> CF17149.exe -> C:\WINDOWS\System32\CF17149.exe
    NY -> ComboFix -> C:\ComboFix
    NY -> CF13640.exe -> C:\WINDOWS\System32\CF13640.exe
    NY -> CF12990.exe -> C:\WINDOWS\System32\CF12990.exe
    NY -> CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe
    NY -> CF14402.exe -> C:\WINDOWS\System32\CF14402.exe
    NY -> CF14225.exe -> C:\WINDOWS\System32\CF14225.exe
    NY -> CF13416.exe -> C:\WINDOWS\System32\CF13416.exe
    NY -> CF5798.exe -> C:\WINDOWS\System32\CF5798.exe
    NY -> CF4609.exe -> C:\WINDOWS\System32\CF4609.exe
    NY -> 57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys
    NY -> E88D4.exe -> C:\WINDOWS\E88D4.exe
    [Files/Folders - Modified Within 30 Days]
    NY -> CF17295.exe -> C:\WINDOWS\System32\CF17295.exe
    NY -> CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe
    NY -> CF17149.exe -> C:\WINDOWS\System32\CF17149.exe
    NY -> CF13640.exe -> C:\WINDOWS\System32\CF13640.exe
    NY -> CF12990.exe -> C:\WINDOWS\System32\CF12990.exe
    NY -> CF14402.exe -> C:\WINDOWS\System32\CF14402.exe
    NY -> CF14225.exe -> C:\WINDOWS\System32\CF14225.exe
    NY -> CF13416.exe -> C:\WINDOWS\System32\CF13416.exe
    NY -> CF5798.exe -> C:\WINDOWS\System32\CF5798.exe
    NY -> CF4609.exe -> C:\WINDOWS\System32\CF4609.exe
    NY -> 57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys
    NY -> pesvbqmois.exe -> C:\WINDOWS\Temp\pesvbqmois.exe
    NY -> ritnvrabvp.exe -> C:\WINDOWS\Temp\ritnvrabvp.exe
    [Empty Temp Folders]
    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
    Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.

    Please post a fresh SysProt log also.

  5. #35
    Member | Join Date: Aug 2009 | Posts: 31

    OTS bit done.

    Sysprot log

    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ******************************************************************************************
    ******************************************************************************************

    No Hidden Processes found

    ******************************************************************************************
    ******************************************************************************************
    Kernel Modules:
    Module Name: \systemroot\system32\drivers\kbiwkmsdjnkvxf.sys
    Service Name: kbiwkmpkbmwnli
    Module Base: ---
    Module End: ---
    Hidden: Yes

    ******************************************************************************************
    ******************************************************************************************
    No SSDT Hooks found

    ******************************************************************************************
    ******************************************************************************************
    Kernel Hooks:
    Hooked Function: ZwSaveKeyEx
    At Address: 8065628D
    Jump To: 8929B6DA
    Module Name: _unknown_

    Hooked Function: ZwSaveKey
    At Address: 806561A2
    Jump To: 892A56DA
    Module Name: _unknown_

    Hooked Function: ZwFlushInstructionCache
    At Address: 80587BFB
    Jump To: 89EFB61C
    Module Name: _unknown_

    Hooked Function: ZwEnumerateKey
    At Address: 80578E14
    Jump To: 8A271E8C
    Module Name: _unknown_

    Hooked Function: IofCompleteRequest
    At Address: 804E17BD
    Jump To: 89FD50CB
    Module Name: _unknown_

    Hooked Function: IofCallDriver
    At Address: 804E13A7
    Jump To: 892DD6DB
    Module Name: _unknown_

    ******************************************************************************************
    ******************************************************************************************
    Hidden files/folders:
    Object: C:\System Volume Information\MountPointManagerRemoteDatabase
    Status: Access denied

    Object: C:\System Volume Information\tracking.log
    Status: Access denied
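The SysProt report above is the kind of output a responder has to triage by hand; the script below, an added example that is not code from the thread or from SysProt, parses that layout and flags the module reported as hidden and the hooks with no identified owner. The report it parses is constructed in SysProt's format (not the log posted here), and the purpose note per hooked function is an assumed mapping.

```python
"""Triage a SysProt AntiRootkit report: kernel modules flagged Hidden: Yes and
kernel hooks whose owner SysProt could not identify.  Added example, not code
from the thread or from SysProt; the report below is constructed, not the thread's."""
import re

# Typical purpose of a hook on each function: assumed triage notes only,
# SysProt itself prints no such classification.
HOOK_PURPOSE = {
    "ZwEnumerateKey": "hide registry keys (e.g. the driver's own service entry)",
    "ZwSaveKey": "block saving/exporting registry hives",
    "ZwSaveKeyEx": "block saving/exporting registry hives",
    "IofCallDriver": "filter disk I/O requests (hide/protect files on disk)",
    "IofCompleteRequest": "filter completed I/O requests (hide/protect files)",
}

SAMPLE_REPORT = r"""SysProt AntiRootkit v1.0.1.0
by swatkat

********************
No Hidden Processes found

Kernel Modules:
Module Name: \systemroot\system32\drivers\zzexample.sys
Service Name: zzexamplesvc
Module Base: ---
Module End: ---
Hidden: Yes

No SSDT Hooks found

Kernel Hooks:
Hooked Function: ZwEnumerateKey
At Address: 8057A1C0
Jump To: 8A3F10E0
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 804E2B10
Jump To: 893C5A20
Module Name: _unknown_

Hooked Function: ZwOpenProcess
At Address: 805C9A50
Jump To: F7B01234
Module Name: \systemroot\system32\drivers\avfilter.sys
"""


def parse_report(text):
    """Split a SysProt report into {section: [record, ...]}: a section starts
    at a line ending in ':', each blank-line-separated group of 'Key: Value'
    lines is one record, and 'No <name> found' yields an empty section."""
    sections, current, record = {}, None, {}

    def flush():
        nonlocal record
        if current is not None and record:
            sections[current].append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"}:      # blank or separator line
            flush()
            continue
        clean = re.fullmatch(r"No (.+?) found", line)
        if clean:                                # e.g. "No SSDT Hooks found"
            flush()
            current = None
            sections.setdefault(clean.group(1), [])
        elif line.endswith(":") and ": " not in line:   # section header
            flush()
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is not None and ": " in line:      # record field
            key, value = line.split(": ", 1)
            record[key.strip()] = value.strip()
    flush()
    return sections


def triage(text):
    """Return (severity, kind, detail) findings a responder should look at."""
    findings = []
    sections = parse_report(text)
    for mod in sections.get("Kernel Modules", []):
        if mod.get("Hidden", "").lower() == "yes":
            findings.append(("high", "hidden_module",
                             f"{mod.get('Module Name')} (service {mod.get('Service Name')})"))
    for hook in sections.get("Kernel Hooks", []):
        func, owner = hook.get("Hooked Function", "?"), hook.get("Module Name", "?")
        if owner == "_unknown_":
            findings.append(("high", "unknown_hook",
                             f"{func} {hook.get('At Address')} -> {hook.get('Jump To')}; "
                             f"typical use: {HOOK_PURPOSE.get(func, 'unclassified')}"))
        else:   # a named owner (e.g. an AV filter driver) is expected; note only
            findings.append(("info", "named_hook", f"{func} owned by {owner}"))
    return findings
```

Run `triage(SAMPLE_REPORT)` (or feed it a real report read from disk) to get the findings list; the named-owner hook is kept as informational so a legitimate filter driver is not mistaken for the rootkit.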

  6. #36
    Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    ----------------------------------------------------------------------------------------
    Step 1

    1. Start SysProt.
    2. Click the "Kernel Modules" tab.
    3. Click the following lines (in red) and then click Disable:
      \systemroot\system32\drivers\kbiwkmsdjnkvxf.sys ------ kbiwkmpkbmwnli
    4. Reboot the machine.
    5. Repeat steps 1 to 4 (SysProt AntiRootkit will detect the same rootkit driver again).

    ----------------------------------------------------------------------------------------
    Step 2

    Malwarebytes' Anti-Malware

    • Start MalwareBytes AntiMalware
      • Update Malwarebytes' Anti-Malware
      • Select the Update tab
      • Click Update
    • When the update is complete, select the Scanner tab
    • Select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  7. #37
    Member | Join Date: Aug 2009 | Posts: 31

    Malwarebytes' Anti-Malware 1.40
    Database version: 2713
    Windows 5.1.2600 Service Pack 3

    29/08/2009 19:23:31
    mbam-log-2009-08-29 (19-23-31).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 272376
    Time elapsed: 18 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
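The two Hijack.WindowsUpdates entries in the log above show the ImagePath of the Windows Update and BITS services pointing at %fystemroot%, a variable that does not exist, so the real svchost.exe is never found and both services quietly fail to start. The check below is an added example, not code from the thread or from Malwarebytes; the service values it audits and the environment it expands against are constructed, and the known-good paths are the Windows XP defaults.

```python
"""Check service ImagePath values for the tampering the Malwarebytes log above
reports: a misspelt environment variable (%fystemroot% for %SystemRoot%) that
the Service Control Manager cannot expand, so the binary is never found and the
service silently stops working.  Added example, not code from the thread or
from Malwarebytes; the ImagePath values and environment below are constructed."""
import re

# Environment as the SCM would see it on the machine (assumed values).
SYSTEM_ENV = {"systemroot": r"C:\WINDOWS", "windir": r"C:\WINDOWS",
              "programfiles": r"C:\Program Files"}

# Known-good ImagePath per service after expansion (Windows XP defaults).
EXPECTED_IMAGE_PATH = {
    "wuauserv": r"C:\WINDOWS\System32\svchost.exe -k netsvcs",
    "bits": r"C:\WINDOWS\System32\svchost.exe -k netsvcs",
}

VAR_RE = re.compile(r"%([^%]+)%")


def expand_image_path(image_path, env=SYSTEM_ENV):
    """Expand %VAR% tokens case-insensitively; return (expanded, unresolved_names).
    Like the SCM, leave a token literal when env has no such variable."""
    unresolved = []

    def sub(match):
        name = match.group(1)
        if name.lower() in env:
            return env[name.lower()]
        unresolved.append(name)
        return match.group(0)

    return VAR_RE.sub(sub, image_path), unresolved


def check_image_path(service, image_path, env=SYSTEM_ENV, expected=EXPECTED_IMAGE_PATH):
    """Classify one service's ImagePath as OK / TAMPERED / SUSPICIOUS with a reason."""
    expanded, unresolved = expand_image_path(image_path, env)
    if unresolved:
        return ("TAMPERED", f"{service}: unresolvable variable(s) {unresolved} in {image_path!r}")
    want = expected.get(service.lower())
    if want is not None and expanded.lower() != want.lower():
        return ("SUSPICIOUS", f"{service}: expected {want!r}, got {expanded!r}")
    return ("OK", f"{service}: {expanded}")


# Constructed values in the form 'reg query ... /v ImagePath' would show them.
SAMPLE_SERVICES = {
    "wuauserv": r"%fystemroot%\system32\svchost.exe -k netsvcs",
    "BITS": r"%fystemRoot%\system32\svchost.exe -k netsvcs",
    "Spooler": r"%SystemRoot%\system32\spoolsv.exe",
    "EventLog": r"%SystemRoot%\system32\services.exe",
}


def audit(services, env=SYSTEM_ENV, expected=EXPECTED_IMAGE_PATH):
    """Run check_image_path over a {service: ImagePath} map -> {service: (status, reason)}."""
    return {name: check_image_path(name, path, env, expected) for name, path in services.items()}


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_SERVICES).items():
        print(f"{status:10} {reason}")
```

A service whose expanded path is valid but points somewhere other than the default (a copied svchost.exe in another folder, say) is reported as SUSPICIOUS rather than TAMPERED, since that needs a human look rather than an automatic repair.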

  8. #38
    Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    Download a fresh copy of Combofix to your desktop and do the following.
    Run ComboFix using these instructions:

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

    "%userprofile%\desktop\combofix.exe" /killall

    When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

    If it still doesn't run, please post a fresh SysProt log.

  9. #39
    Member | Join Date: Aug 2009 | Posts: 31

    It won't open from the Run command. It says 'Windows cannot find c:\....', make sure you typed the name correctly, etc.

    If I double-click the desktop icon, it comes up with the Windows security warning saying the publisher could not be verified. I clicked Cancel to that; not sure if you want me to run it from there?

  10. #40
    Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    Create A Batch File
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it as "All Files" and name it runcf.bat. Please save it on your desktop (next to Combofix).

    [code]
    @echo off
    rem Change to the folder this batch file lives in; /d also switches drive if needed.
    CD /d "%~dp0"
    if not exist Combofix.exe (
        rem Combofix is not beside the batch file: record it, show the note, clean up.
        echo File Not found >>"%Temp%\log.txt"
        pause
        notepad "%Temp%\log.txt"
        del /q "%Temp%\log.txt"
    ) else (
        rem Found it: launch ComboFix with the /Killall switch.
        Combofix /Killall
    )
    rem Remove this batch file; keep this as the last line, nothing runs after a self-delete.
    del /q %0
    [/code]

    Double-click on runcf.bat.

    If Combofix starts to run, please follow the on-screen prompts.
