
Solved Can't locate any viruses or malware...But...

Discussion in 'Malware and Virus Removal Archive' started by snarky, 2010/08/24.

  1. 2010/08/24
    snarky (Inactive, Thread Starter)

    [Resolved] Can't locate any viruses or malware...But...

    Hello and thank you in advance for your help & replies.

    I am having a few issues & think only some of them "may" be virus related. That being said, I cannot say for certain that I have any viruses or malware at all.

    I recently downloaded files which, when I try to access them, cause Windows Explorer (not Internet Explorer) to crash on me. This results in the windows being closed and Dr. Watson doing his little dance.

    Also, I recently backed up a person's computer (which had viruses on it) and then attempted to scan the flash-drive used for the back-up, on my system. This resulted in a few viruses (forget the names) which I did seem to get rid of.

    Further, and this has been an ongoing issue: when I attempt to alter anything in MSCONFIG it always tells me I'm not allowed and need Admin privileges...although I am the admin with full rights to do so. Nevertheless, it does make the changes I demand, but it tells me that it won't. Odd, but I think this is likely more of a bug than a virus.

    A few other wonky things have occurred as well such as hangups which result in my needing to reboot (unusual for my system).

    I have tried to utilize Trend Micro's RootkitBuster, only to have it crash my system each time.

    I have used Avast for years and its latest scans are showing no viruses.
    Malwarebytes is showing no malware.
    Windows Advanced System is showing nothing.
    I even used Trend Micro's online scan which located nothing.
    HijackThis showed nothing auto-checked.

    and here are my DDS files:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Dad at 21:32:25.58 on Tue 08/24/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1438 [GMT -3:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Dad\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.hotspotshield.com/g/?c=h
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\3sev0dtk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://yourirish.com/|http://www.shee-eire.com/
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-9 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-4 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-4 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-15 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-15 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-15 40384]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-21 14424]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    S4 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-4 312592]
    S4 TipCtrl;TipCtrl;c:\program files\utipu\TipCtrl.exe [2009-2-3 314504]

    =============== Created Last 30 ================

    2010-08-25 00:23:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-25 00:23:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-24 23:56:03 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-08-24 23:53:36 0 d-----w- c:\program files\Trend Micro
    2010-08-23 20:35:21 24 ----a-w- c:\windows\AM_D7.PRF
    2010-08-23 20:27:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-08-23 20:27:28 140800 ----a-w- c:\windows\system32\tm20dec.ax
    2010-08-23 20:27:27 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-08-23 20:27:25 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-08-23 20:27:24 5672 ----a-w- c:\windows\system32\quartz.vxd
    2010-08-23 20:27:24 194320 ----a-w- c:\windows\system32\qcut.dll
    2010-08-23 20:27:24 11776 ----a-w- c:\windows\system32\mciqtz.drv
    2010-08-23 20:27:24 10240 ----a-w- c:\windows\system32\vidx16.dll
    2010-08-23 20:27:23 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2010-08-23 20:27:23 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2010-08-23 20:27:22 305 ----a-w- c:\windows\changesUserData.ini
    2010-08-23 20:25:09 0 d-----w- c:\program files\Changes
    2010-08-20 04:22:49 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-20 04:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

    ==================== Find3M ====================

    2010-07-23 20:42:09 87608 ----a-w- c:\docume~1\dad\applic~1\inst.exe
    2010-07-23 20:42:09 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-07-23 20:42:09 47360 ----a-w- c:\docume~1\dad\applic~1\pcouffin.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-29 23:37:05 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-06-29 23:37:02 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-06-07 23:57:00 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-06-07 23:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
    2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
    2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
    2010-06-07 23:57:00 2186342 ----a-w- c:\windows\system32\nvdata.bin
    2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
    2010-06-07 23:57:00 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-06-07 20:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-06-07 20:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-06-07 20:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 20:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-06-07 20:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-06-07 20:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-05-28 15:58:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-02-15 15:43:06 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2010-02-15 15:43:06 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2010-02-15 15:43:06 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 21:32:41.73 ===============


    ----------------------------------------------------------------------------------------------------------------------------------------------------


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/4/2009 2:23:08 PM
    System Uptime: 8/24/2010 9:05:00 PM (0 hours ago)

    Motherboard: XFX | | XFX Nforce 680i LT
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/267mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 117 GiB total, 32.677 GiB free.
    D: is FIXED (NTFS) - 116 GiB total, 36.643 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP192: 5/26/2010 7:36:25 PM - System Checkpoint
    RP193: 5/28/2010 8:16:31 AM - System Checkpoint
    RP194: 5/29/2010 10:16:35 AM - System Checkpoint
    RP195: 5/29/2010 11:47:29 PM - Software Distribution Service 3.0
    RP196: 5/31/2010 4:45:16 PM - System Checkpoint
    RP197: 6/1/2010 7:33:57 PM - System Checkpoint
    RP198: 6/4/2010 11:30:32 AM - System Checkpoint
    RP199: 6/5/2010 12:30:22 PM - System Checkpoint
    RP200: 6/6/2010 12:38:44 PM - System Checkpoint
    RP201: 6/7/2010 2:38:23 PM - System Checkpoint
    RP202: 6/8/2010 2:52:45 PM - System Checkpoint
    RP203: 6/8/2010 11:35:39 PM - Software Distribution Service 3.0
    RP204: 6/9/2010 10:18:18 AM - Software Distribution Service 3.0
    RP205: 6/10/2010 10:46:09 AM - System Checkpoint
    RP206: 6/11/2010 11:17:28 AM - System Checkpoint
    RP207: 6/12/2010 1:43:16 PM - System Checkpoint
    RP208: 6/13/2010 5:39:50 PM - System Checkpoint
    RP209: 6/14/2010 6:07:06 PM - System Checkpoint
    RP210: 6/15/2010 7:57:10 PM - System Checkpoint
    RP211: 6/16/2010 8:03:26 PM - System Checkpoint
    RP212: 6/18/2010 11:22:43 PM - Removed Darkfall US
    RP213: 6/20/2010 12:35:06 PM - System Checkpoint
    RP214: 6/21/2010 1:42:17 PM - System Checkpoint
    RP215: 6/22/2010 2:41:43 PM - System Checkpoint
    RP216: 6/23/2010 5:54:07 PM - System Checkpoint
    RP217: 6/24/2010 6:40:39 PM - System Checkpoint
    RP218: 6/25/2010 6:45:06 PM - System Checkpoint
    RP219: 6/26/2010 7:00:18 PM - System Checkpoint
    RP220: 6/27/2010 7:38:35 PM - System Checkpoint
    RP221: 6/29/2010 1:24:39 PM - System Checkpoint
    RP222: 6/30/2010 10:39:51 AM - Software Distribution Service 3.0
    RP223: 6/30/2010 2:26:10 PM - Installed QuickTime
    RP224: 7/1/2010 2:52:29 PM - System Checkpoint
    RP225: 7/2/2010 4:14:07 PM - System Checkpoint
    RP226: 7/3/2010 4:29:03 PM - System Checkpoint
    RP227: 7/4/2010 5:00:43 PM - System Checkpoint
    RP228: 7/5/2010 5:10:11 PM - System Checkpoint
    RP229: 7/6/2010 8:23:28 PM - System Checkpoint
    RP230: 7/7/2010 8:33:59 PM - System Checkpoint
    RP231: 7/8/2010 8:47:30 PM - System Checkpoint
    RP232: 7/10/2010 11:57:39 AM - System Checkpoint
    RP233: 7/11/2010 12:26:06 PM - System Checkpoint
    RP234: 7/12/2010 12:52:52 PM - System Checkpoint
    RP235: 7/13/2010 8:42:52 PM - Software Distribution Service 3.0
    RP236: 7/15/2010 10:55:09 AM - System Checkpoint
    RP237: 7/16/2010 11:22:10 AM - System Checkpoint
    RP238: 7/17/2010 11:22:30 AM - System Checkpoint
    RP239: 7/18/2010 2:13:09 PM - System Checkpoint
    RP240: 7/19/2010 4:16:00 PM - System Checkpoint
    RP241: 7/20/2010 7:37:45 PM - System Checkpoint
    RP242: 7/21/2010 8:29:49 PM - System Checkpoint
    RP243: 7/22/2010 9:11:07 PM - System Checkpoint
    RP244: 7/23/2010 4:40:30 PM - Installed soft Xpansion Hair Master 4 International Demo
    RP245: 7/23/2010 4:55:01 PM - Installed soft Xpansion Style Advisor 4 International Demo
    RP246: 7/23/2010 5:29:00 PM - Removed soft Xpansion Hair Master 4 International Demo
    RP247: 7/23/2010 5:29:17 PM - Removed soft Xpansion Style Advisor 4 International Demo
    RP248: 7/24/2010 5:42:01 PM - System Checkpoint
    RP249: 7/25/2010 7:48:36 PM - System Checkpoint
    RP250: 7/26/2010 8:34:09 PM - System Checkpoint
    RP251: 7/28/2010 10:28:01 AM - System Checkpoint
    RP252: 7/30/2010 10:14:38 AM - System Checkpoint
    RP253: 7/31/2010 10:46:32 AM - System Checkpoint
    RP254: 8/1/2010 10:59:16 AM - System Checkpoint
    RP255: 8/2/2010 12:16:01 PM - System Checkpoint
    RP256: 8/3/2010 10:04:06 AM - Software Distribution Service 3.0
    RP257: 8/5/2010 9:37:18 AM - System Checkpoint
    RP258: 8/6/2010 1:04:51 PM - System Checkpoint
    RP259: 8/8/2010 9:16:28 AM - System Checkpoint
    RP260: 8/9/2010 2:46:06 PM - System Checkpoint
    RP261: 8/10/2010 2:59:36 PM - System Checkpoint
    RP262: 8/11/2010 3:28:31 PM - System Checkpoint
    RP263: 8/12/2010 12:19:26 AM - Software Distribution Service 3.0
    RP264: 8/13/2010 5:36:59 PM - System Checkpoint
    RP265: 8/14/2010 6:45:17 PM - System Checkpoint
    RP266: 8/15/2010 7:21:40 PM - System Checkpoint
    RP267: 8/17/2010 10:12:23 AM - System Checkpoint
    RP268: 8/18/2010 1:26:59 PM - System Checkpoint
    RP269: 8/19/2010 1:32:56 PM - System Checkpoint
    RP270: 8/20/2010 11:36:28 AM - Installed HiJackThis
    RP271: 8/21/2010 12:08:01 PM - System Checkpoint
    RP272: 8/22/2010 2:13:18 PM - System Checkpoint
    RP273: 8/23/2010 2:34:46 PM - System Checkpoint
    RP274: 8/23/2010 5:25:09 PM - Installed Changes
    RP275: 8/24/2010 5:52:12 PM - System Checkpoint
    RP276: 8/24/2010 8:51:23 PM - Removed HiJackThis
    RP277: 8/24/2010 8:53:36 PM - Installed HiJackThis
    RP278: 8/24/2010 9:22:52 PM - Installed Java(TM) 6 Update 20

    ==== Installed Programs ======================


    µTorrent
    Ad-Aware Email Scanner for Outlook
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.2.3
    Adobe Stock Photos 1.0
    Advanced SystemCare 3
    AnimatorDV Simple+ 9.02
    Any Video Converter 3.0.6
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    BitTorrent
    Changes
    CorelDRAW Graphics Suite X4
    CorelDRAW Graphics Suite X4 - Capture
    CorelDRAW Graphics Suite X4 - Content
    CorelDRAW Graphics Suite X4 - Draw
    CorelDRAW Graphics Suite X4 - Filters
    CorelDRAW Graphics Suite X4 - FontNav
    CorelDRAW Graphics SUite X4 - ICA
    CorelDRAW Graphics Suite X4 - IPM
    CorelDRAW Graphics Suite X4 - Lang EN
    CorelDRAW Graphics Suite X4 - PP
    CorelDRAW Graphics Suite X4 - VBA
    CorelDRAW(R) Graphics Suite X4
    CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    D-Link PCI Fast Ethernet Adapter
    Direct MP3 Joiner version 3.0.1.5
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DVD Decrypter (Remove Only)
    DVDFab 7.0.8.2 (17/07/2010)
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Hotspot Shield 1.44
    Hulu Video Downloader 3.34
    IObit Security 360
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 20
    JPGVideo 1.05.0.0
    LSI PCI-SV92PP Soft Modem
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Office 97, Professional Edition
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Nero 7 Ultra Edition
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    Pando Media Booster
    PeerBlock 1.0.0 (r181)
    QuickTime
    Realtek High Definition Audio Driver
    Riva FLV Encoder 2.0
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SopCast 3.2.9
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    System Requirements Lab
    TipCam 2.2
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.17
    Ventrilo Client
    Vidomi (remove only)
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core

    - English
    Visual C++ 2008 x86 Runtime -

    (v9.0.30729)
    Visual C++ 2008 x86 Runtime -

    v9.0.30729.01
    VLC media player 1.1.0
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Validation

    Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    8/19/2010 10:14:25 AM, error: Print [6161] - The document HP Pavilion 15.6" AMD Athlo... owned by Dad failed to print on printer Canon MP160 Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1666936. Number of bytes printed: 1166920. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\00O3771T48CL0O0. Win32 error code returned by the print processor: 13 (0xd).
    8/17/2010 9:41:05 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    8/17/2010 5:33:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

    ==== End Of File ===========================
     
  2. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, disable "word wrap" in Notepad, because your logs are hard to read.


    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Can't locate any viruses or malware...But...

    Sorry about the word wrap. :(
    I will "disable" Word Wrap as requested.

    After running MBAM there is no option to "Show results".
    Nor was there any option to see anything selected, nor to check or uncheck anything.

    Here are the results.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4475

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/25/2010 12:24:47 PM
    mbam-log-2010-08-25 (12-24-47).txt

    Scan type: Quick scan
    Objects scanned: 168928
    Time elapsed: 6 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I will now continue on with GMER and post those results next.
     
  5. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  6. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Can't locate any viruses or malware...But...

    Sorry, lost internet for a period of time.

    Here is GMER without word wrap. Please NOTE: I see now it only did C: by default and not also D:; if you want that one too, I can re-run GMER if requested.

    Will post MBRCheck as soon as I can (internet willing!)




    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-25 13:44:26
    Windows 5.1.2600 Service Pack 3
    Running: ub2vdhh0.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kfqoapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAD1A7CD2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAD1A7B8E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAD1A8142]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAD1A806C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAD1A7764]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAD1A7C68]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAD1A76A4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAD1A7708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAD1A7D88]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAD1A8210]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAD1A7D48]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAD1A7EC8]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAD1B4B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAD1B49C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAD1B4AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AD1B4AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP AD1B49C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP AD1B05B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP AD1B1F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AD1B4BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB62A63A0, 0x592C35, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1568] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[1568] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}@oalpdnijdjcncbahplidlfjdopifpd 0x64 0x61 0x6D 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}@oapodlbfpkdlkaahjiboamemlgfhkl 0x69 0x61 0x65 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}@najpbbillhobglblimjopeclkfib 0x6A 0x61 0x6D 0x6A ...

    ---- EOF - GMER 1.0.15 ----
     
    Last edited: 2010/08/25
  7. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 125):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB80B8000 ohci1394.sys
    0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB80D8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7F0B000 atapi.sys
    0xB7EE0000 nvgts.sys
    0xB7EC8000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7EA8000 fltmgr.sys
    0xB7E96000 sr.sys
    0xB8118000 Lbd.sys
    0xB8128000 PxHelp20.sys
    0xB7E7F000 KSecDD.sys
    0xB7DF2000 Ntfs.sys
    0xB7DC5000 NDIS.sys
    0xB85AE000 speedfan.sys
    0xB7DAB000 Mup.sys
    0xB8671000 giveio.sys
    0xB8188000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB5F81000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB5F6D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8420000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB8238000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB8428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8430000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB5F49000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8438000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8248000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8258000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8268000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB5F26000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB5E09000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xB85E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB8440000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB8278000 \SystemRoot\system32\DRIVERS\dlkfet5b.sys
    0xB5DE1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB873E000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8298000 \SystemRoot\system32\DRIVERS\HssDrv.sys
    0xB82A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB856C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB5DCA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB82B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB82C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8448000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB5DB9000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB82D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8450000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB8458000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8460000 \SystemRoot\system32\DRIVERS\taphss.sys
    0xB82E8000 \SystemRoot\System32\Drivers\pcouffin.sys
    0xB5D61000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB6A1D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB8468000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85E4000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB5D03000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8584000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB5CA1000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB5C5B000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xB69ED000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB7743000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB1148000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB1124000 \SystemRoot\system32\drivers\portcls.sys
    0xB82F8000 \SystemRoot\system32\drivers\drmk.sys
    0xB85F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB8751000 \SystemRoot\System32\Drivers\Null.SYS
    0xB860A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB83C8000 \SystemRoot\System32\drivers\vga.sys
    0xB85E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8410000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8400000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xAEEF1000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAD65B000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAD602000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB257A000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xAD5DC000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAD5B4000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB259A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAD592000 \SystemRoot\System32\drivers\afd.sys
    0xB7793000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAD567000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAD4F7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB25AA000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB69DD000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB10C3000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB81A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB021C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xAF7C1000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xABAC0000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xACCBF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xAC2B9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAF77D000 \SystemRoot\System32\drivers\Dxapi.sys
    0xAC67F000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB87A8000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xAF1BE000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xB5C4B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAB881000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xAB77C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8218000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAB5E7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAB400000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAB0C7000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB83B0000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA66E2000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 28):
    0 System Idle Process
    4 System
    1392 C:\WINDOWS\system32\smss.exe
    1496 csrss.exe
    1520 C:\WINDOWS\system32\winlogon.exe
    1564 C:\WINDOWS\system32\services.exe
    1576 C:\WINDOWS\system32\lsass.exe
    1760 C:\WINDOWS\system32\svchost.exe
    1808 svchost.exe
    2004 C:\WINDOWS\system32\svchost.exe
    336 svchost.exe
    476 svchost.exe
    704 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1088 C:\WINDOWS\system32\spoolsv.exe
    1332 svchost.exe
    1476 C:\WINDOWS\explorer.exe
    1992 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2028 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    272 C:\WINDOWS\system32\inetsrv\inetinfo.exe
    360 C:\Program Files\Java\jre6\bin\jqs.exe
    984 C:\WINDOWS\system32\svchost.exe
    1260 wdfmgr.exe
    2860 alg.exe
    2512 C:\WINDOWS\system32\svchost.exe
    916 C:\Program Files\Mozilla Firefox\firefox.exe
    4032 C:\WINDOWS\RTHDCPL.exe
    2856 C:\Program Files\Java\jre6\bin\java.exe
    3484 C:\Documents and Settings\Dad\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c128400 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500JS-40MVB1, Rev: 10.02E01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  8. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did fine :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Can't locate any viruses or malware...But...

    I've been noticing several references to ZoneAlarm and I uninstalled this likely months ago. I wonder if the remnants of it are causing any issues. :confused:

    At any rate,
    here is ComboFix:



    ComboFix 10-08-24.0C - Dad 08/25/2010 18:25:45.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1461 [GMT -3:00]
    Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dad\Application Data\EurekaLog
    c:\documents and settings\Dad\Application Data\inst.exe
    c:\documents and settings\Dad\Recent\Thumbs.db
    c:\windows\system32\Cache

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
    .

    2010-08-25 20:24 . 2010-08-25 20:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-25 15:17 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-25 15:17 . 2010-08-25 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-25 15:17 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-25 00:31 . 2010-08-25 00:31 -------- d-----w- c:\windows\Sun
    2010-08-25 00:24 . 2010-08-25 00:24 503808 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74011fd5-n\msvcp71.dll
    2010-08-25 00:24 . 2010-08-25 00:24 499712 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74011fd5-n\jmc.dll
    2010-08-25 00:24 . 2010-08-25 00:24 348160 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74011fd5-n\msvcr71.dll
    2010-08-25 00:24 . 2010-08-25 00:24 -------- d-----w- c:\program files\Common Files\Java
    2010-08-25 00:24 . 2010-08-25 00:24 61440 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-535fa4c7-n\decora-sse.dll
    2010-08-25 00:24 . 2010-08-25 00:24 12800 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-535fa4c7-n\decora-d3d.dll
    2010-08-25 00:23 . 2010-08-25 00:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-25 00:23 . 2010-08-25 00:23 -------- d-----w- c:\program files\Java
    2010-08-24 23:53 . 2010-08-24 23:53 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-24 23:53 . 2010-08-24 23:53 -------- d-----w- c:\program files\Trend Micro
    2010-08-23 20:27 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-08-23 20:27 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-08-23 20:27 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-08-23 20:27 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
    2010-08-23 20:27 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
    2010-08-23 20:27 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
    2010-08-23 20:27 . 2010-08-23 20:27 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2010-08-23 20:27 . 2010-08-23 20:27 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2010-08-23 20:25 . 2010-08-23 20:28 -------- d-----w- c:\program files\Changes
    2010-08-20 04:22 . 2010-08-20 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-20 04:22 . 2010-08-20 04:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-17 15:28 . 2010-08-17 15:28 -------- d-----w- c:\documents and settings\Someone\Application Data\Ahead
    2010-08-17 15:26 . 2010-08-17 15:26 -------- d-----w- c:\documents and settings\Someone\Application Data\dvdcss
    2010-08-17 12:51 . 2010-08-17 12:52 -------- d-----w- c:\documents and settings\Someone\Application Data\vlc
    2010-08-17 12:44 . 2010-08-17 12:44 -------- d-----w- c:\documents and settings\Someone\Application Data\DivX
    2010-08-17 12:43 . 2010-08-17 12:43 -------- d-----w- c:\documents and settings\Someone\Application Data\NVIDIA
    2010-08-17 12:31 . 2010-08-17 22:20 -------- d-----w- c:\documents and settings\Someone\Local Settings\Application Data\WMTools Downloaded Files
    2010-08-12 11:47 . 2010-08-12 11:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-24 23:19 . 2010-07-25 21:05 -------- d-----w- c:\program files\uTIPu
    2010-08-24 23:14 . 2010-03-21 12:46 -------- d-----w- c:\program files\PeerBlock
    2010-08-24 23:14 . 2010-03-04 16:07 -------- d-----w- c:\documents and settings\Dad\Application Data\uTorrent
    2010-08-23 20:25 . 2009-11-04 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-21 18:14 . 2010-07-18 18:22 -------- d-----w- c:\documents and settings\Dad\Application Data\vlc
    2010-08-17 12:32 . 2010-04-19 18:39 -------- d-----w- c:\program files\SpeedFan
    2010-08-06 15:12 . 2010-01-04 15:42 -------- d-----w- c:\documents and settings\Dad\Application Data\dvdcss
    2010-07-23 20:42 . 2010-07-23 20:42 -------- d-----w- c:\documents and settings\Dad\Application Data\Vso
    2010-07-23 20:42 . 2010-07-23 20:42 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-07-23 20:42 . 2010-07-23 20:42 47360 ----a-w- c:\documents and settings\Dad\Application Data\pcouffin.sys
    2010-07-23 20:42 . 2010-07-23 20:42 47360 ----a-w- c:\documents and settings\Dad\Application Data\pcouffin.sys
    2010-07-23 20:42 . 2010-07-23 20:42 -------- d-----w- c:\documents and settings\Dad\Application Data\NVIDIA
    2010-07-23 20:41 . 2010-07-23 20:41 -------- d-----w- c:\program files\DVDFab 7
    2010-07-23 20:29 . 2010-07-23 19:40 -------- d-----w- c:\program files\soft Xpansion
    2010-07-23 19:54 . 2010-07-23 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\soft Xpansion
    2010-07-23 19:40 . 2009-11-04 17:44 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-23 13:20 . 2010-07-23 13:19 -------- d-----w- c:\program files\Vidomi
    2010-07-23 13:10 . 2010-07-23 13:10 -------- d-----w- c:\program files\DVD Decrypter
    2010-07-19 21:52 . 2009-11-19 22:01 -------- d-----w- c:\program files\Any Video Converter
    2010-07-19 21:52 . 2010-07-19 21:52 -------- d-----w- c:\documents and settings\Dad\Application Data\AnvSoft
    2010-07-12 21:35 . 2009-11-04 20:07 -------- d-----w- c:\documents and settings\Dad\Application Data\DivX
    2010-07-11 13:43 . 2010-07-11 13:43 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-11 13:21 . 2010-07-11 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-11 13:21 . 2009-11-19 22:11 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-11 13:21 . 2009-11-04 17:40 -------- d-----w- c:\program files\DivX
    2010-07-11 13:21 . 2010-07-11 13:21 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-07-11 13:16 . 2010-07-11 13:21 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-11 13:16 . 2010-07-11 13:21 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-11 12:54 . 2010-07-11 12:54 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-07-11 12:54 . 2010-07-11 12:54 -------- d-----w- c:\program files\Riva
    2010-07-01 00:03 . 2010-07-01 00:03 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-06-30 23:52 . 2010-06-30 23:52 -------- d-----w- c:\program files\LSI SoftModem
    2010-06-30 23:50 . 2009-11-04 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-30 17:27 . 2010-06-30 17:26 -------- d-----w- c:\program files\QuickTime
    2010-06-30 17:26 . 2010-06-30 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-29 23:38 . 2010-06-29 23:36 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-06-29 23:37 . 2009-11-04 17:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-29 23:37 . 2009-11-04 17:36 -------- d-----w- c:\program files\AGEIA Technologies
    2010-06-29 23:37 . 2010-06-29 23:37 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-06-29 23:37 . 2010-06-29 23:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-06-29 23:37 . 2010-06-29 23:37 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-06-28 20:57 . 2010-06-29 14:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-11-04 20:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-11-04 20:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-11-04 20:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-11-04 20:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-11-04 20:46 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-11-04 20:46 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-11-04 20:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-11-04 20:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-27 02:10 . 2010-06-27 02:10 -------- d-----w- c:\program files\SopCast
    2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 21:44 . 2009-11-04 20:43 25072 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-11-04 17:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:01 . 2009-11-04 17:41 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-06-09 23:01 . 2009-11-04 17:41 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01 . 2009-11-04 17:41 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01 . 2009-11-04 17:41 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-06-07 23:57 . 2010-06-29 23:36 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-06-07 23:57 . 2010-06-29 23:36 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-06-07 23:57 . 2010-06-29 23:36 4554752 ----a-w- c:\windows\system32\nvcuda.dll
    2010-06-07 23:57 . 2010-06-29 23:36 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-06-07 23:57 . 2010-06-29 23:36 232040 ----a-w- c:\windows\system32\nvcodins.dll
    2010-06-07 23:57 . 2010-06-29 23:36 232040 ----a-w- c:\windows\system32\nvcod.dll
    2010-06-07 23:57 . 2010-06-29 23:36 2186342 ----a-w- c:\windows\system32\nvdata.bin
    2010-06-07 23:57 . 2010-06-29 23:36 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-06-07 23:57 . 2010-06-29 23:36 1359872 ----a-w- c:\windows\system32\nvapi.dll
    2010-06-07 23:57 . 2010-06-29 23:36 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-06-07 23:57 . 2009-09-27 20:12 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-06-07 23:57 . 2009-09-27 20:12 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-06-07 20:34 . 2010-06-07 20:34 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-06-07 20:34 . 2010-06-07 20:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-06-07 20:34 . 2010-06-07 20:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 20:34 . 2010-06-07 20:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-06-07 20:34 . 2010-06-07 20:34 154728 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-06-07 20:34 . 2010-06-07 20:34 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-05-28 15:58 . 2009-11-04 17:43 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Dad\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-08-10 18:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3a\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-04 02:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
    2009-10-26 20:37 1242384 ----a-w- c:\program files\IObit\IObit Security 360\is360tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-07 20:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-06-07 20:34 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    2009-11-20 04:51 2923192 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 00:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-01-31 02:54 16116224 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-17 02:04 2879488 ------r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 14:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IS360service"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "NBService"=3 (0x3)
    "HssTrayService"=3 (0x3)
    "HssSrv"=2 (0x2)
    "HotspotShieldService"=2 (0x2)
    "nvsvc"=2 (0x2)
    "gupdate"=3 (0x3)
    "Adobe LM Service"=3 (0x3)
    "PSI_SVC_2"=2 (0x2)
    "vsmon"=2 (0x2)
    "avast! Mail Scanner"=3 (0x3)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "HssWd"=2 (0x2)
    "AgereModemAudio"=2 (0x2)
    "TipCtrl"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "d:\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "d:\\World of Warcraft\\BackgroundDownloader.exe"=
    "d:\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58771:TCP"=58771:TCP:pando Media Booster
    "58771:UDP"=58771:UDP:pando Media Booster
    "16881:TCP"=16881:TCP:bittcommett
    "3724:TCP"=3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/9/2010 8:28 AM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2009 5:46 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2009 5:46 PM 17744]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/21/2010 9:46 AM 14424]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 11:30 AM 135664]
    S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    S4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [11/4/2009 6:15 PM 312592]
    S4 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [2/3/2009 4:15 PM 314504]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-25 c:\windows\Tasks\avast! Turn on Avast!.job
    - c:\progra~1\ALWILS~1\Avast5\AvastUI.exe [2010-02-15 20:57]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:30]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.hotspotshield.com/g/?c=h
    FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\3sev0dtk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://yourirish.com/|http://www.shee-eire.com/
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-25 18:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1409082233-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oalpdnijdjcncbahplidlfjdopifpd"=hex:64,61,6d,6a,6e,63,65,70,00,85
    "oapodlbfpkdlkaahjiboamemlgfhkl"=hex:69,61,65,6a,68,6b,6b,68,6e,66,70,6c,70,63,
    68,61,6e,6b,00,00
    "najpbbillhobglblimjopeclkfib"=hex:6a,61,6d,6a,69,65,61,61,62,6c,66,6d,6d,6b,
    68,6c,64,61,6d,65,00,0f
    .
    Completion time: 2010-08-25 18:30:36
    ComboFix-quarantined-files.txt 2010-08-25 21:30

    Pre-Run: 34,858,508,288 bytes free
    Post-Run: 35,207,954,432 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - D0B1E991249687E8C04AB1C25565B30B
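What a responder actually reads off a log like the one above, as an added example (my code, not ComboFix's and not part of this thread): a small Python triage helper that parses the file-listing lines into records, flags executable-type files under c:\windows whose modified stamp is older than the stamp this install's own OS files carry (2004-08-04 12:00 on schannel.dll, win32k.sys and the rest), groups every file created in the same minute as a flagged one into a batch, and decodes the "hex:" values under LOCKED REGISTRY KEYS, joining the continuation lines REGEDIT4 exports use. Assumptions, stated in the code as well: the sample lines are copied from the logs in this thread; the first and second timestamp columns are taken to be created and modified, as ComboFix's own Look section labels them; the 2004-08-04 baseline is a per-system value read off the log, not a constant; the "old binary" rule is a heuristic to decide what to hash next, not a verdict.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix's code):
parse the file-listing lines, pick out binaries that look imported from
elsewhere, and decode REGEDIT4 "hex:" values."""
import re
from datetime import datetime

# One listing line: "<ts1> . <ts2> <size or --------> <attrs> <path>".
# ComboFix's own Look section labels the first stamp "Created time" and the
# second "Modified time"; the field names below follow that (assumption).
_LINE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(\d+|-{8})\s+(\S{8})\s+(.+?)\s*$"
)
_HEX = re.compile(r'^\s*"([^"]+?)\s*"=hex:(.*)$')
_BINARY_EXT = (".exe", ".dll", ".sys", ".drv", ".scr", ".ocx", ".cpl")

# Stamp carried by this install's own OS files (schannel.dll, win32k.sys ...
# in the log above). Per-system value, read off the log, not a constant.
XP_BASELINE = datetime(2004, 8, 4, 12, 0)

# Sample lines copied from the ComboFix logs in this thread.
SAMPLE_LISTING = r"""2010-08-25 15:17 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 15:17 . 2010-08-25 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 20:27 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-08-23 20:27 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-08-23 20:27 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-08-23 20:27 . 2010-08-23 20:27 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
"""
SAMPLE_REG = r"""[HKEY_USERS\S-1-5-21-1409082233-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}*]
"oalpdnijdjcncbahplidlfjdopifpd"=hex:64,61,6d,6a,6e,63,65,70,00,85
"oapodlbfpkdlkaahjiboamemlgfhkl"=hex:69,61,65,6a,68,6b,6b,68,6e,66,70,6c,70,63,
68,61,6e,6b,00,00
"najpbbillhobglblimjopeclkfib"=hex:6a,61,6d,6a,69,65,61,61,62,6c,66,6d,6d,6b,
68,6c,64,61,6d,65,00,0f
"""


def parse_listing(text):
    """Structured records for every listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size),
            "attrs": attrs,
            "is_dir": attrs.startswith("d"),
            "path": path.lower(),
        })
    return entries


def flag_old_binaries(entries, baseline=XP_BASELINE, root="c:\\windows\\"):
    """Executable-type files under root whose modified stamp is older than
    the OS's own files: they were copied in from somewhere else, exactly
    the 1998-dated DLLs the responder singled out. Heuristic, not proof."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["path"].startswith(root)
            and e["path"].endswith(_BINARY_EXT) and e["modified"] < baseline]


def same_batch(entries, flagged):
    """Every file created in the same minute as a flagged one: a dropper or
    installer writes its files together, so the batch is the unit to hash
    and look up, including members with fresh stamps (w95inf32.dll here)."""
    wanted = set(flagged)
    stamps = {e["created"] for e in entries if e["path"] in wanted}
    return [e["path"] for e in entries
            if not e["is_dir"] and e["created"] in stamps]


def decode_reg_hex(text):
    """name -> bytes for every '"name"=hex:..' value. REGEDIT4 wraps long
    values: a line ending in a comma (optionally followed by a backslash)
    continues on the next line."""
    values, lines = {}, iter(text.splitlines())
    for line in lines:
        m = _HEX.match(line)
        if not m:
            continue
        name, buf = m.group(1), m.group(2).replace("\\", "").strip()
        while buf.endswith(","):
            more = next(lines, None)
            if more is None:            # truncated export: decode what we have
                buf = buf.rstrip(",")
                break
            buf += more.replace("\\", "").strip()
        values[name] = bytes.fromhex(buf.replace(",", ""))
    return values


def printable(blob):
    """Leading NUL-terminated ASCII run of a decoded value."""
    return blob.split(b"\x00", 1)[0].decode("ascii", "replace")
```

On the sample above the old-binary rule returns LMRTREND.dll, dxtmsft3.dll and mciqtz.drv, the batch rule adds w95inf32.dll (same creation minute, fresh stamps), and the three hex values decode to short lowercase strings followed by a NUL and one trailing byte ("damjncep", "iaejhkkhnfplpchank", "jamjieaablfmmkhldame"). The hashes of the batch, not the timestamps, are what to look up next.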
     
  10. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll get ZA leftovers manually.
    Make sure Windows Firewall is ON.

    Are you still using IObit Security 360?


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Alcmtr.exe
    
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1409082233-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08733481-1DA5-8249-B352-3840E81A8915}*]
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    
    SecCenter::
    {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    
    FileLook::
    c:\windows\system32\LMRTREND.dll
    c:\windows\system32\dxtmsft3.dll
    c:\windows\system32\unam4ie.exe
    c:\windows\system32\qcut.dll
    c:\windows\system32\vidx16.dll
    c:\windows\system32\mciqtz.drv
    c:\windows\system32\w95inf32.dll
    c:\windows\system32\w95inf16.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
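The FileLook:: directive in the script above asks ComboFix to report version info, size, timestamps and MD5/SHA1 for the eight listed files. As an added example (my code, not ComboFix's and not part of this thread), here is that report done by hand in Python with one field ComboFix does not print: the link-time stamp from the PE COFF header, which a dropped file keeps no matter what its on-disk timestamps say, checked against the NTFS modified time. The image used for the self-test is a constructed header-only stub, not any file from this thread; look_file() takes a real path.

```python
"""FileLook by hand (added example, not ComboFix's code): size, MD5, SHA1 and
the PE link-time stamp for a Windows binary, with a check of that stamp
against the on-disk modified time."""
import hashlib
import os
import struct
from datetime import datetime, timezone


def pe_timestamp(data):
    """COFF TimeDateStamp of a PE image as a UTC datetime, or None when the
    bytes are not a PE file. Layout: "MZ" header, e_lfanew at offset 0x3C,
    "PE\\0\\0" signature, then the 20-byte COFF header whose dword at
    offset 4 is the link time in seconds since the Unix epoch."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def look(data, modified=None):
    """The fields ComboFix's Look section prints (size, MD5, SHA1) plus the
    link time; with a modified timestamp supplied, also whether the two
    disagree by more than a day. A file dropped with a preserved or forged
    mtime shows that, but so does any copy whose mtime was simply reset, so
    treat it as a prompt to look up the hash, not as a verdict."""
    link = pe_timestamp(data)
    report = {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "link_time": link,
    }
    if link is not None and modified is not None:
        report["stamp_mismatch"] = abs((modified - link).total_seconds()) > 86400
    return report


def look_file(path):
    """look() over a file on disk, using its NTFS modified time."""
    with open(path, "rb") as fh:
        data = fh.read()
    mtime = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
    report = look(data, mtime)
    report.update(path=path, modified=mtime)
    return report


def build_minimal_pe(link_time):
    """Constructed self-test image: DOS header pointing at a PE signature and
    a COFF header (i386, one section) carrying link_time. Header-only, not
    loadable, and not any file from this thread."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(link_time.timestamp()),
                       0, 0, 0, 0x0102)
    return dos + b"PE\0\0" + coff


# Constructed sample: a stub whose link time matches the 1998-08-27 modified
# stamp the log shows for dxtmsft3.dll, so the mismatch check comes out False.
SAMPLE_LINK_TIME = datetime(1998, 8, 27, 4, 51, tzinfo=timezone.utc)
SAMPLE_PE = build_minimal_pe(SAMPLE_LINK_TIME)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(look_file(p))
```

Run it as "python look.py c:\windows\system32\dxtmsft3.dll ..." to get the same MD5/SHA1 ComboFix prints plus the link time; a 1998 link time on a file created in 2010 is consistent with an old binary copied in, while a 2010 link time on a file stamped 1998 would mean the timestamps were set by hand.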
     
  11. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Can't locate any viruses or malware...But...

    Oh yeah, I am not using IOBIT 360 any more either, no. :(

    Any need to run ZoneAlarm again if I am using a router & Windows Firewall? I used to love ZoneAlarm, but lately it's been bugging me.
    Thanks


    Here is the generated ComboFix "log.txt".



    ComboFix 10-08-24.0C - Dad 08/25/2010 18:52:14.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1509 [GMT -3:00]
    Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\Alcmtr.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Alcmtr.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
    .

    2010-08-25 20:24 . 2010-08-25 20:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-25 15:17 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-25 15:17 . 2010-08-25 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-25 15:17 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-25 00:31 . 2010-08-25 00:31 -------- d-----w- c:\windows\Sun
    2010-08-25 00:24 . 2010-08-25 00:24 503808 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74011fd5-n\msvcp71.dll
    2010-08-25 00:24 . 2010-08-25 00:24 499712 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74011fd5-n\jmc.dll
    2010-08-25 00:24 . 2010-08-25 00:24 348160 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74011fd5-n\msvcr71.dll
    2010-08-25 00:24 . 2010-08-25 00:24 -------- d-----w- c:\program files\Common Files\Java
    2010-08-25 00:24 . 2010-08-25 00:24 61440 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-535fa4c7-n\decora-sse.dll
    2010-08-25 00:24 . 2010-08-25 00:24 12800 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-535fa4c7-n\decora-d3d.dll
    2010-08-25 00:23 . 2010-08-25 00:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-25 00:23 . 2010-08-25 00:23 -------- d-----w- c:\program files\Java
    2010-08-24 23:53 . 2010-08-24 23:53 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-24 23:53 . 2010-08-24 23:53 -------- d-----w- c:\program files\Trend Micro
    2010-08-23 20:27 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-08-23 20:27 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-08-23 20:27 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-08-23 20:27 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
    2010-08-23 20:27 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
    2010-08-23 20:27 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
    2010-08-23 20:27 . 2010-08-23 20:27 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2010-08-23 20:27 . 2010-08-23 20:27 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2010-08-23 20:25 . 2010-08-23 20:28 -------- d-----w- c:\program files\Changes
    2010-08-20 04:22 . 2010-08-20 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-20 04:22 . 2010-08-20 04:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-17 15:28 . 2010-08-17 15:28 -------- d-----w- c:\documents and settings\Someone\Application Data\Ahead
    2010-08-17 15:26 . 2010-08-17 15:26 -------- d-----w- c:\documents and settings\Someone\Application Data\dvdcss
    2010-08-17 12:51 . 2010-08-17 12:52 -------- d-----w- c:\documents and settings\Someone\Application Data\vlc
    2010-08-17 12:44 . 2010-08-17 12:44 -------- d-----w- c:\documents and settings\Someone\Application Data\DivX
    2010-08-17 12:43 . 2010-08-17 12:43 -------- d-----w- c:\documents and settings\Someone\Application Data\NVIDIA
    2010-08-17 12:31 . 2010-08-17 22:20 -------- d-----w- c:\documents and settings\Someone\Local Settings\Application Data\WMTools Downloaded Files
    2010-08-12 11:47 . 2010-08-12 11:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-24 23:19 . 2010-07-25 21:05 -------- d-----w- c:\program files\uTIPu
    2010-08-24 23:14 . 2010-03-21 12:46 -------- d-----w- c:\program files\PeerBlock
    2010-08-24 23:14 . 2010-03-04 16:07 -------- d-----w- c:\documents and settings\Dad\Application Data\uTorrent
    2010-08-23 20:25 . 2009-11-04 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-21 18:14 . 2010-07-18 18:22 -------- d-----w- c:\documents and settings\Dad\Application Data\vlc
    2010-08-17 12:32 . 2010-04-19 18:39 -------- d-----w- c:\program files\SpeedFan
    2010-08-06 15:12 . 2010-01-04 15:42 -------- d-----w- c:\documents and settings\Dad\Application Data\dvdcss
    2010-07-23 20:42 . 2010-07-23 20:42 -------- d-----w- c:\documents and settings\Dad\Application Data\Vso
    2010-07-23 20:42 . 2010-07-23 20:42 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-07-23 20:42 . 2010-07-23 20:42 47360 ----a-w- c:\documents and settings\Dad\Application Data\pcouffin.sys
    2010-07-23 20:42 . 2010-07-23 20:42 47360 ----a-w- c:\documents and settings\Dad\Application Data\pcouffin.sys
    2010-07-23 20:42 . 2010-07-23 20:42 -------- d-----w- c:\documents and settings\Dad\Application Data\NVIDIA
    2010-07-23 20:41 . 2010-07-23 20:41 -------- d-----w- c:\program files\DVDFab 7
    2010-07-23 20:29 . 2010-07-23 19:40 -------- d-----w- c:\program files\soft Xpansion
    2010-07-23 19:54 . 2010-07-23 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\soft Xpansion
    2010-07-23 19:40 . 2009-11-04 17:44 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-23 13:20 . 2010-07-23 13:19 -------- d-----w- c:\program files\Vidomi
    2010-07-23 13:10 . 2010-07-23 13:10 -------- d-----w- c:\program files\DVD Decrypter
    2010-07-19 21:52 . 2009-11-19 22:01 -------- d-----w- c:\program files\Any Video Converter
    2010-07-19 21:52 . 2010-07-19 21:52 -------- d-----w- c:\documents and settings\Dad\Application Data\AnvSoft
    2010-07-12 21:35 . 2009-11-04 20:07 -------- d-----w- c:\documents and settings\Dad\Application Data\DivX
    2010-07-11 13:43 . 2010-07-11 13:43 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-11 13:21 . 2010-07-11 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-11 13:21 . 2009-11-19 22:11 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-11 13:21 . 2009-11-04 17:40 -------- d-----w- c:\program files\DivX
    2010-07-11 13:21 . 2010-07-11 13:21 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-11 13:21 . 2010-07-11 13:21 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-07-11 13:16 . 2010-07-11 13:21 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-11 13:16 . 2010-07-11 13:21 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-11 12:54 . 2010-07-11 12:54 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-07-11 12:54 . 2010-07-11 12:54 -------- d-----w- c:\program files\Riva
    2010-07-01 00:03 . 2010-07-01 00:03 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-06-30 23:52 . 2010-06-30 23:52 -------- d-----w- c:\program files\LSI SoftModem
    2010-06-30 23:50 . 2009-11-04 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-30 17:27 . 2010-06-30 17:26 -------- d-----w- c:\program files\QuickTime
    2010-06-30 17:26 . 2010-06-30 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-29 23:38 . 2010-06-29 23:36 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-06-29 23:37 . 2009-11-04 17:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-29 23:37 . 2009-11-04 17:36 -------- d-----w- c:\program files\AGEIA Technologies
    2010-06-29 23:37 . 2010-06-29 23:37 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-06-29 23:37 . 2010-06-29 23:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-06-29 23:37 . 2010-06-29 23:37 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-06-28 20:57 . 2010-06-29 14:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-11-04 20:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-11-04 20:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-11-04 20:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-11-04 20:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-11-04 20:46 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-11-04 20:46 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-11-04 20:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-11-04 20:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-27 02:10 . 2010-06-27 02:10 -------- d-----w- c:\program files\SopCast
    2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 21:44 . 2009-11-04 20:43 25072 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-11-04 17:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:01 . 2009-11-04 17:41 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-06-09 23:01 . 2009-11-04 17:41 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01 . 2009-11-04 17:41 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01 . 2009-11-04 17:41 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-06-07 23:57 . 2010-06-29 23:36 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-06-07 23:57 . 2010-06-29 23:36 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-06-07 23:57 . 2010-06-29 23:36 4554752 ----a-w- c:\windows\system32\nvcuda.dll
    2010-06-07 23:57 . 2010-06-29 23:36 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-06-07 23:57 . 2010-06-29 23:36 232040 ----a-w- c:\windows\system32\nvcodins.dll
    2010-06-07 23:57 . 2010-06-29 23:36 232040 ----a-w- c:\windows\system32\nvcod.dll
    2010-06-07 23:57 . 2010-06-29 23:36 2186342 ----a-w- c:\windows\system32\nvdata.bin
    2010-06-07 23:57 . 2010-06-29 23:36 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-06-07 23:57 . 2010-06-29 23:36 1359872 ----a-w- c:\windows\system32\nvapi.dll
    2010-06-07 23:57 . 2010-06-29 23:36 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-06-07 23:57 . 2009-09-27 20:12 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-06-07 23:57 . 2009-09-27 20:12 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-06-07 20:34 . 2010-06-07 20:34 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-06-07 20:34 . 2010-06-07 20:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-06-07 20:34 . 2010-06-07 20:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 20:34 . 2010-06-07 20:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-06-07 20:34 . 2010-06-07 20:34 154728 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-06-07 20:34 . 2010-06-07 20:34 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-05-28 15:58 . 2009-11-04 17:43 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    --- c:\windows\system32\dxtmsft3.dll ---
    Company: Microsoft Corporation
    File Description: DXTMsft Module
    File Version: 6.00.02.0827
    Product Name: Microsoft® Windows(TM) Operating System
    Copyright: Copyright (C) Microsoft Corp. 1981-1998
    Original Filename: DXTMsft
    File size: 182032
    Created time: 2010-08-23 20:27
    Modified time: 1998-08-27 04:51
    MD5: B69471289A2C07F7497BD941559E9C42
    SHA1: 14BF5DA4357A9C31DE9B268898CA5D9E538E95E5


    --- c:\windows\system32\LMRTREND.dll ---
    Company: Microsoft Corporation
    File Description: Liquid Motion Renderer Filter
    File Version: 6.00.04.0827
    Product Name: Microsoft® Windows(TM) Operating System
    Copyright: Copyright © Microsoft Corp. 1998-1998
    Original Filename: LMRTREND.DLL
    File size: 38160
    Created time: 2010-08-23 20:27
    Modified time: 1998-09-02 08:28
    MD5: DB7AE9635A7968A5FBF0C5CB2A67FF97
    SHA1: B557A2E4C8EB0B350633F9975307961D63B245CD


    --- c:\windows\system32\mciqtz.drv ---
    Company: Microsoft Corporation
    File Description: ActiveMovie MCI Driver
    File Version: 4.00.96.0729
    Product Name: ActiveMovie
    Copyright: Copyright (C) 1992-1996 Microsoft Corp.
    Original Filename: mciqtz.drv
    File size: 11776
    Created time: 2010-08-23 20:27
    Modified time: 1998-08-17 09:21
    MD5: B5D7471E38ED6D03145D5E6DCB368715
    SHA1: FB10EEC2EB24B3ECB7C0F1C3E83D08C28982941E


    --- c:\windows\system32\qcut.dll ---
    Company: Microsoft Corporation
    File Description: DirectShow Runtime.
    File Version: 6.00.02.0902
    Product Name: DirectShow
    Copyright: Copyright (C) 1992-1998 Microsoft Corp.
    Original Filename: QCut.dll
    File size: 194320
    Created time: 2010-08-23 20:27
    Modified time: 1998-09-02 08:02
    MD5: 8BFD9305913198FC50EF5282C337498F
    SHA1: DEB635D09D191F601F8AAB44E725A55B2082A438


    --- c:\windows\system32\unam4ie.exe ---
    Company: Microsoft Corporation
    File Description: DirectShow uninstall.
    File Version: 6.00.02.0902
    Product Name: DirectShow
    Copyright: Copyright (C) 1992-1998 Microsoft Corp.
    Original Filename: unam4ie.exe
    File size: 63488
    Created time: 2010-08-23 20:27
    Modified time: 1998-09-02 08:28
    MD5: 92F8115DDC7136ECCD7BDDBC492F9861
    SHA1: 0E4BA60CBCFDA5099E78B6A101BAC0876246FA81


    --- c:\windows\system32\vidx16.dll ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 10240
    Created time: 2010-08-23 20:27
    Modified time: 1998-08-17 09:21
    MD5: 550BA20DF6C08E628CA9ABD0F6E917B8
    SHA1: F08997DB0ADE4D7BC1E621E27F19A90B037EEDBD


    --- c:\windows\system32\w95inf16.dll ---
    Company: Microsoft Corporation
    File Description: WExtract 16bit Library
    File Version: 4.71.704.0
    Product Name: Microsoft® Plus! for Windows® 95
    Copyright: Copyright © Microsoft Corp. 1994-1995
    Original Filename: W95INF16.DLL
    File size: 2272
    Created time: 2010-08-23 20:27
    Modified time: 2010-08-23 20:27
    MD5: 7210D5407A2D2F52E851604666403024
    SHA1: 242FDE2A7C6A3EFF245F06813A2E1BDCAA9F16D9


    --- c:\windows\system32\w95inf32.dll ---
    Company: Microsoft Corporation
    File Description: W95INF32
    File Version: 4.71.0016.0
    Product Name: Microsoft® Plus! for Windows® 95
    Copyright: Copyright © Microsoft Corp. 1994-1995
    Original Filename: W95INF32.DLL
    File size: 4608
    Created time: 2010-08-23 20:27
    Modified time: 2010-08-23 20:27
    MD5: 4BE7661C89897EAA9B28DAE290C3922F
    SHA1: 4C9D25195093FEA7C139167F0C5A40E13F3000F2


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Dad\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-08-10 18:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3a\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
    2009-10-26 20:37 1242384 ----a-w- c:\program files\IObit\IObit Security 360\is360tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-07 20:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-06-07 20:34 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    2009-11-20 04:51 2923192 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 00:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-01-31 02:54 16116224 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-17 02:04 2879488 ------r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 14:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IS360service "=2 (0x2)
    "NMIndexingService "=3 (0x3)
    "NBService "=3 (0x3)
    "HssTrayService "=3 (0x3)
    "HssSrv "=2 (0x2)
    "HotspotShieldService "=2 (0x2)
    "nvsvc "=2 (0x2)
    "gupdate "=3 (0x3)
    "Adobe LM Service "=3 (0x3)
    "PSI_SVC_2 "=2 (0x2)
    "vsmon "=2 (0x2)
    "avast! Mail Scanner "=3 (0x3)
    "Lavasoft Ad-Aware Service "=2 (0x2)
    "HssWd "=2 (0x2)
    "AgereModemAudio "=2 (0x2)
    "TipCtrl "=3 (0x3)
    "JavaQuickStarterService "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "d:\\World of Warcraft\\Launcher.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "d:\\World of Warcraft\\BackgroundDownloader.exe "=
    "d:\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe "=
    "c:\\Program Files\\SopCast\\SopCast.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58771:TCP "= 58771:TCP:pando Media Booster
    "58771:UDP "= 58771:UDP:pando Media Booster
    "16881:TCP "= 16881:TCP:bittcommett
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/9/2010 8:28 AM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2009 5:46 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2009 5:46 PM 17744]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/21/2010 9:46 AM 14424]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 11:30 AM 135664]
    S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    S4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [11/4/2009 6:15 PM 312592]
    S4 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [2/3/2009 4:15 PM 314504]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-25 c:\windows\Tasks\avast! Turn on Avast!.job
    - c:\progra~1\ALWILS~1\Avast5\AvastUI.exe [2010-02-15 20:57]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:30]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.hotspotshield.com/g/?c=h
    FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\3sev0dtk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://yourirish.com/|http://www.shee-eire.com/
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-25 18:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-08-25 18:55:23
    ComboFix-quarantined-files.txt 2010-08-25 21:55
    ComboFix2.txt 2010-08-25 21:30

    Pre-Run: 35,227,742,208 bytes free
    Post-Run: 35,204,898,816 bytes free

    - - End Of File - - EB8C34EC4DBB5074BB0285AA8EECF5C7
     
    Last edited: 2010/08/25
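The "Look" section of the ComboFix log above lists, for each file it singled out, the version resource, the created and modified times, and MD5/SHA-1 hashes. Reading those by eye is error-prone, so here is a small Python parser for that section as an added example; it is not ComboFix's code and not part of snarky's or broni's posts. It pulls each `--- path ---` record into a dict and applies two triage heuristics of my own choosing: a version resource that is entirely `------` (as for vidx16.dll above, which is a reason to look the hash up, not a verdict), and a created time later than the modified time by more than a configurable gap, which is what a file copied in with its original timestamp preserved looks like. Every record in that section shows the second pattern, which is exactly what an installer run on 2010-08-23 would produce, so the flag is a prompt to check, nothing more. The two sample records are copied from the log above; the 30-day gap and the flag names are assumptions.

```python
import re
from datetime import datetime

# Two records copied from the ComboFix "Look" section in the post above
# (the section has eight; these two suffice to exercise both heuristics).
SAMPLE_LOOK = """\
--- c:\\windows\\system32\\mciqtz.drv ---
Company: Microsoft Corporation
File Description: ActiveMovie MCI Driver
File Version: 4.00.96.0729
Product Name: ActiveMovie
Copyright: Copyright (C) 1992-1996 Microsoft Corp.
Original Filename: mciqtz.drv
File size: 11776
Created time: 2010-08-23 20:27
Modified time: 1998-08-17 09:21
MD5: B5D7471E38ED6D03145D5E6DCB368715
SHA1: FB10EEC2EB24B3ECB7C0F1C3E83D08C28982941E


--- c:\\windows\\system32\\vidx16.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 10240
Created time: 2010-08-23 20:27
Modified time: 1998-08-17 09:21
MD5: 550BA20DF6C08E628CA9ABD0F6E917B8
SHA1: F08997DB0ADE4D7BC1E621E27F19A90B037EEDBD
"""

RECORD_HEADER = re.compile(r"^--- (?P<path>.+?) ---$", re.MULTILINE)
VERSION_FIELDS = ("Company", "File Description", "File Version",
                  "Product Name", "Copyright", "Original Filename")


def parse_look(text):
    """Split a ComboFix Look section into one dict per '--- path ---' record."""
    records = []
    heads = list(RECORD_HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        rec = {"path": head.group("path")}
        for line in text[head.end():end].splitlines():
            key, sep, val = line.partition(":")   # split on the first colon only
            if sep:
                rec[key.strip()] = val.strip()
        rec["File size"] = int(rec.get("File size", 0))
        for k in ("Created time", "Modified time"):
            if k in rec:
                rec[k] = datetime.strptime(rec[k], "%Y-%m-%d %H:%M")
        records.append(rec)
    return records


def triage(rec, copy_gap_days=30):
    """Heuristic flags for one record; an empty list means nothing stood out.
    The 30-day gap is an assumed threshold, not something ComboFix defines."""
    flags = []
    if all(rec.get(f, "------") == "------" for f in VERSION_FIELDS):
        flags.append("no-version-resource")
    created, modified = rec.get("Created time"), rec.get("Modified time")
    if created and modified and (created - modified).days > copy_gap_days:
        flags.append("created-after-modified")
    return flags


def hash_list(records):
    """'sha1  path' lines, lower-cased, ready for a bulk lookup against a
    known-file hash database."""
    return [f"{r['SHA1'].lower()}  {r['path']}" for r in records if "SHA1" in r]


if __name__ == "__main__":
    for r in parse_look(SAMPLE_LOOK):
        print(r["path"], triage(r) or "-")
```

The parser keeps the hashes as ComboFix printed them, so the `hash_list()` output can be fed straight to whatever hash-lookup service the helper prefers; the triage flags only decide which hashes are worth the lookup first.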
  12. 2010/08/25
    broni, Moderator Malware Analyst
    Looks good :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
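The three custom-scan lines ending in `/md5` ask OTL to hash user32.dll, ws2_32.dll and ws2help.dll so the helper can compare them with known-good values: a copy patched in place keeps its Microsoft version resource, so only the hash gives it away. As an added example (not OTL's code, and not from anyone in this thread), here is the same check in Python. The baseline is a mapping from file name to a set of acceptable MD5 digests, because different service-pack and hotfix builds ship different legitimate copies of the same DLL; the values used in `demo()` are constructed for the self-check and are not real Windows file hashes.

```python
import hashlib
import os
import tempfile


def file_hashes(path, chunk=1 << 16):
    """MD5 and SHA-1 hex digests of one file, streamed in 64 KiB chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def verify(paths, baseline):
    """Compare each file's MD5 with a baseline of acceptable values.

    baseline maps a lower-case file name to a *set* of MD5 hex digests.
    Returns {path: "match" | "MISMATCH" | "missing" | "no-baseline"}.
    """
    result = {}
    for path in paths:
        if not os.path.isfile(path):
            result[path] = "missing"
            continue
        accepted = baseline.get(os.path.basename(path).lower())
        if not accepted:
            result[path] = "no-baseline"
            continue
        md5, _ = file_hashes(path)
        result[path] = "match" if md5 in accepted else "MISMATCH"
    return result


def demo():
    """Constructed self-check that touches no real system files: write two
    fake DLLs to a temp dir, one matching the baseline and one with bytes
    appended (the crude shape of an in-place patch), and ask about a third
    that does not exist. Baseline values are for this demo only."""
    md5_abc = "900150983cd24fb0d6963f7d28e17f72"   # MD5 of b"abc"
    baseline = {"ws2help.dll": {md5_abc}, "user32.dll": {md5_abc}}
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "ws2help.dll")
        patched = os.path.join(d, "user32.dll")
        with open(clean, "wb") as fh:
            fh.write(b"abc")
        with open(patched, "wb") as fh:
            fh.write(b"abc" + b"\x90" * 16)
        report = verify([clean, patched, os.path.join(d, "ws2_32.dll")], baseline)
    return {os.path.basename(p): status for p, status in report.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:12} {name}")
```

On a real machine you would pass the three `%systemroot%\system32` paths from the custom-scan list and a baseline built from hashes of the same files on a clean install at the same service-pack level; a `no-baseline` result means you have nothing to compare against yet, not that the file is clean.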
     
  13. 2010/08/25
    snarky, Thread Starter

    Can't locate any viruses or malware...But...

    Extras


    OTL Extras logfile created on: 8/25/2010 7:31:19 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 117.18 Gb Total Space | 32.79 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
    Drive D: | 115.69 Gb Total Space | 38.02 Gb Free Space | 32.86% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 00O3771T48CL0O0
    Current User Name: Dad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "58771:TCP" = 58771:TCP:*:Enabled:pando Media Booster
    "58771:UDP" = 58771:UDP:*:Enabled:pando Media Booster
    "16881:TCP" = 16881:TCP:*:Enabled:bittcommett
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "D:\World of Warcraft\BackgroundDownloader.exe" = D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "D:\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{707E0F9E-9FEC-404E-B440-4C9FAE307BDF}" = Changes
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AnimatorDV Simple+ 9.02_is1" = AnimatorDV Simple+ 9.02
    "Any Video Converter_is1" = Any Video Converter 3.0.6
    "avast5" = avast! Free Antivirus
    "BitTorrent" = BitTorrent
    "Direct MP3 Joiner_is1" = Direct MP3 Joiner version 3.0.1.5
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVDFab 7_is1" = DVDFab 7.0.8.2 (17/07/2010)
    "HotspotShield" = Hotspot Shield 1.44
    "Hulu Video Downloader_is1" = Hulu Video Downloader 3.34
    "ie8" = Windows Internet Explorer 8
    "IObit Security 360_is1" = IObit Security 360
    "IrfanView" = IrfanView (remove only)
    "JPGVideo_is1" = JPGVideo 1.05.0.0
    "LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Office8.0" = Microsoft Office 97, Professional Edition
    "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
    "SopCast" = SopCast 3.2.9
    "SpeedFan" = SpeedFan (remove only)
    "SystemRequirementsLab" = System Requirements Lab
    "TipCam" = TipCam 2.2
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.17
    "Vidomi" = Vidomi (remove only)
    "VLC media player" = VLC media player 1.1.0
    "VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/5/2009 9:31:31 AM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/5/2009 9:42:01 AM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/6/2009 7:18:09 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/7/2009 10:59:35 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/10/2009 4:29:23 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/10/2009 4:47:20 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/10/2009 7:16:42 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/19/2009 1:12:07 AM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 1/18/2010 9:58:48 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    Error - 2/14/2010 2:45:45 PM | Computer Name = 00O3771T48CL0O0 | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 8/24/2010 7:29:22 PM | Computer Name = 00O3771T48CL0O0 | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

    Error - 8/24/2010 7:29:55 PM | Computer Name = 00O3771T48CL0O0 | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

    Error - 8/24/2010 7:58:54 PM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IWAM_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/24/2010 7:58:54 PM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IUSR_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/24/2010 8:05:43 PM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IWAM_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/24/2010 8:05:43 PM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IUSR_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/25/2010 11:11:02 AM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IWAM_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/25/2010 11:11:02 AM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IUSR_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/25/2010 12:52:11 PM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IWAM_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    Error - 8/25/2010 12:52:11 PM | Computer Name = 00O3771T48CL0O0 | Source = IISADMIN | ID = 102
    Description = IISADMIN service found that account IUSR_00O3771T48CL0O0 is disabled.
    Some IIS functions can fail for this reason. For additional information specific
    to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    [ System Events ]
    Error - 8/24/2010 7:19:43 PM | Computer Name = 00O3771T48CL0O0 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service NMIndexingService
    with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

    Error - 8/24/2010 7:23:04 PM | Computer Name = 00O3771T48CL0O0 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service NMIndexingService
    with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

    Error - 8/24/2010 7:23:04 PM | Computer Name = 00O3771T48CL0O0 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service NMIndexingService
    with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

    Error - 8/24/2010 7:23:04 PM | Computer Name = 00O3771T48CL0O0 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service NMIndexingService
    with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

    Error - 8/24/2010 7:23:05 PM | Computer Name = 00O3771T48CL0O0 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service NMIndexingService
    with arguments " " in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

    Error - 8/25/2010 1:07:31 PM | Computer Name = 00O3771T48CL0O0 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error - 8/25/2010 1:07:47 PM | Computer Name = 00O3771T48CL0O0 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error - 8/25/2010 4:31:44 PM | Computer Name = 00O3771T48CL0O0 | Source = nvgts | ID = 262149
    Description = A parity error was detected on \Device\Scsi\nvgts1.

    Error - 8/25/2010 4:35:44 PM | Computer Name = 00O3771T48CL0O0 | Source = nvgts | ID = 262153
    Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
    period.

    Error - 8/25/2010 4:35:44 PM | Computer Name = 00O3771T48CL0O0 | Source = nvgts | ID = 262149
    Description = A parity error was detected on \Device\Scsi\nvgts1.


    < End of report >
     
  14. 2010/08/25
    snarky

    Had to run these twice due to forgetting to close the browser on the first one.
    Also, I had to alter some names etc. to protect the guilty! (Just kidding, there was just too much personal information in some files, so I renamed them arbitrarily.)

    Also this file is too long, so I have to break it up.


    OTL


    OTL logfile created on: 8/25/2010 7:31:19 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 117.18 Gb Total Space | 32.79 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
    Drive D: | 115.69 Gb Total Space | 38.02 Gb Free Space | 32.86% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 00O3771T48CL0O0
    Current User Name: Dad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/25 19:20:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    PRC - [2010/06/28 17:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2008/04/13 21:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008/04/13 21:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/25 19:20:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    MOD - [2008/04/13 21:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/05/13 19:43:48 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010/05/13 19:42:52 | 000,248,368 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010/05/13 19:05:42 | 000,322,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/05/13 19:05:40 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2009/10/26 17:37:36 | 000,312,592 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/02/03 16:15:06 | 000,314,504 | ---- | M] (Utipu inc.) [Disabled | Stopped] -- C:\Program Files\uTIPu\TipCtrl.exe -- (TipCtrl)
    SRV - [2008/04/13 21:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 21:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/28 17:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 17:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 17:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 17:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 17:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 17:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/07 20:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/05/13 19:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2010/05/13 19:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/02/04 12:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2008/04/13 13:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/05/16 11:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
    DRV - [2007/01/30 23:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/09/24 10:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [1996/04/03 16:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://yourirish.com/|http://www.shee-eire.com/ "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 17:52:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 21:23:45 | 000,000,000 | ---D | M]

    [2009/11/04 15:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
    [2010/08/25 13:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\3sev0dtk.default\extensions
    [2010/07/30 14:12:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\3sev0dtk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/08/20 00:30:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\3sev0dtk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/25 13:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/24 21:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 21:23:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/20 01:51:30 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2010/01/13 19:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/08/25 18:54:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/11/04 14:21:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/25 19:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\blasted
    [2010/08/25 19:20:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/08/25 18:22:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/25 18:22:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/25 18:22:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/25 18:22:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/25 18:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/25 18:22:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/25 12:17:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/25 12:17:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/25 12:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/25 12:15:43 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dad\Desktop\mbam-setup-1.46(2).exe
    [2010/08/24 21:31:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/08/24 21:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/24 21:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/24 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/08/24 21:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Sun
    [2010/08/24 20:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/23 17:27:28 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
    [2010/08/23 17:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Changes
    [2010/08/20 01:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/08/20 01:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/08/11 13:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\Language
    [2010/07/25 18:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\uTIPu
    [2010/07/25 18:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\uTIPu
    [2010/07/24 15:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\asdfasdfsa
    [2010/07/24 14:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\clips
    [2010/07/23 17:42:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\pcouffin.sys
    [2010/07/23 17:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Vso
    [2010/07/23 17:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\PcSetup
    [2010/07/23 17:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\DVDFab
    [2010/07/23 17:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\NVIDIA
    [2010/07/23 17:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
    [2010/07/23 16:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\soft Xpansion
    [2010/07/23 16:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\soft Xpansion
    [2010/07/23 11:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\Movies for youtube
    [2010/07/23 10:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vidomi
    [2010/07/23 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
    [2010/07/23 10:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\Video Editing
    [2010/07/19 18:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\.dvdcss
    [2010/07/19 18:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\AnvSoft
    [2010/07/18 15:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\vlc
    [2010/07/15 10:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\Bloopers
    [2010/07/12 18:44:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/07/11 10:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/07/11 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
    [2010/07/11 09:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Riva
    [2010/07/11 09:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\New Folder
    [2010/07/02 21:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\New Folder (2)
    [2010/06/30 21:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/06/30 20:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2010/06/30 14:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/30 14:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/06/29 20:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/06/29 20:36:24 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/06/29 20:31:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
    [2010/06/29 20:12:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
    [2010/06/29 20:12:11 | 000,000,000 | ---D | C] -- C:\Inetpub
    [2010/06/29 11:12:36 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/27 10:25:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/06/26 23:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
    [2010/06/22 09:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    [2010/06/19 10:21:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Desktop\Various things
    [2010/06/18 23:23:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/06/18 07:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\Keltic Fonts etc
    [2010/06/08 22:03:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dad\Desktop\Security Programs
    [2010/06/06 11:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  15. 2010/08/25
    snarky
    ========== Files - Modified Within 90 Days ==========

    [2010/08/25 19:20:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/08/25 18:55:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/25 18:54:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/25 18:54:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/25 18:20:22 | 003,827,870 | R--- | M] () -- C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    [2010/08/25 17:27:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MBRCheck.exe
    [2010/08/25 17:24:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/25 14:13:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/25 14:07:47 | 000,000,904 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/25 14:06:08 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Privacy seaside.doc
    [2010/08/25 13:53:06 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/25 13:51:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/25 12:30:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\ub2vdhh0.exe
    [2010/08/25 12:17:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/25 12:16:13 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dad\Desktop\mbam-setup-1.46(2).exe
    [2010/08/25 08:52:14 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Dad\NTUSER.DAT
    [2010/08/25 08:52:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad\ntuser.ini
    [2010/08/25 08:52:01 | 011,250,490 | -H-- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
    [2010/08/25 03:10:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\avast! Turn on Avast!.job
    [2010/08/25 01:05:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/24 21:29:39 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/08/24 20:53:36 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
    [2010/08/24 20:29:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/24 20:25:52 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/23 23:28:15 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Shortcut to Madagust.doc.lnk
    [2010/08/23 17:35:21 | 000,000,024 | ---- | M] () -- C:\WINDOWS\AM_D7.PRF
    [2010/08/23 17:27:27 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/23 17:27:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/08/23 17:27:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/08/23 17:27:22 | 000,000,305 | ---- | M] () -- C:\WINDOWS\changesUserData.ini
    [2010/08/22 23:35:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Bloopers1.doc
    [2010/08/20 11:37:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
    [2010/08/20 11:19:13 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\registry backup.reg
    [2010/08/20 11:13:30 | 000,006,278 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/08/20 01:22:55 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/19 14:32:47 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\similar events.doc
    [2010/08/15 13:30:33 | 000,054,343 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\indestructible.html
    [2010/08/12 08:46:57 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/12 00:22:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/11 22:51:10 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\warlord.doc
    [2010/08/11 10:54:44 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Sherrif.doc
    [2010/08/11 10:31:27 | 000,215,886 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\antique14c.jpg
    [2010/08/11 10:19:29 | 000,179,488 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\1888antique1.jpg
    [2010/08/11 10:19:06 | 000,291,780 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\1888antique.jpg
    [2010/08/11 10:18:40 | 000,076,809 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Jennifer.jpg
    [2010/08/11 10:04:41 | 004,439,683 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\nobodymove.jpg
    [2010/08/10 14:29:54 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\famousinscriptions.doc
    [2010/08/10 14:03:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\famousinscriptions2.doc
    [2010/08/10 14:03:11 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\famousinscripttions.doc
    [2010/08/10 13:36:16 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\fameousinscriptions.doc
    [2010/08/09 22:47:49 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\rhetoric.doc
    [2010/08/09 20:07:45 | 007,748,041 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\BP Oil blowout 2 wells29977.pdf
    [2010/08/08 21:19:17 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\the vagueness of it all.doc
    [2010/08/08 00:17:48 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\You seem reel fishy.doc
    [2010/08/05 13:39:27 | 000,006,179 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\hype.rtf
    [2010/08/02 23:12:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\get rid of mosquitoes.doc
    [2010/07/29 22:45:22 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Habitual responses.doc
    [2010/07/29 21:44:59 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\hammertime.doc
    [2010/07/29 11:04:38 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\about the quiz.doc
    [2010/07/25 18:09:52 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\uTIPu TipCam.lnk
    [2010/07/23 17:42:09 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\pcouffin.sys
    [2010/07/23 17:42:09 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.cat
    [2010/07/23 17:42:09 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.inf
    [2010/07/23 17:41:55 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\DVDFab 7.lnk
    [2010/07/23 16:38:58 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/07/23 10:20:00 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Vidomi.lnk
    [2010/07/23 10:10:02 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\DVD Decrypter.lnk
    [2010/07/22 19:52:00 | 005,942,921 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\sambo.mp3
    [2010/07/19 20:45:45 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Dad\default.pls
    [2010/07/18 15:19:04 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/07/18 15:15:34 | 019,495,102 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\vlc-1.1.0-win32.exe
    [2010/07/18 13:50:56 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Peruvian.doc
    [2010/07/18 11:50:33 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\malcontent.doc
    [2010/07/15 13:06:18 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Companion Planting.doc
    [2010/07/15 11:47:57 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\companion plants.xls
    [2010/07/15 10:08:48 | 000,049,152 | ---- | M] () -- C:\WINDOWS\outlook.pst
    [2010/07/15 10:05:53 | 003,766,784 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\binge.doc
    [2010/07/15 09:57:42 | 000,359,311 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\triop.jpg
    [2010/07/15 09:57:31 | 000,223,692 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\trip1 and 2.jpg
    [2010/07/14 23:09:41 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Quotes from Erin.doc
    [2010/07/11 10:21:35 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\DivX Movies.lnk
    [2010/07/11 10:21:14 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/07/11 10:20:52 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/07/11 09:57:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\bestof5.flv
    [2010/07/11 09:54:19 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Riva FLV Encoder.lnk
    [2010/07/11 09:54:19 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Riva FLV Player.lnk
    [2010/07/11 09:29:16 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\blitz.doc
    [2010/07/10 00:24:33 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\conspo.doc
    [2010/07/06 17:28:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\radiation.doc
    [2010/07/03 10:35:58 | 000,400,778 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\countries_europe_map.jpg
    [2010/07/02 21:38:46 | 000,074,451 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\RunesSg.jpg
    [2010/07/02 21:34:36 | 000,323,155 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\RunesS.jpg
    [2010/07/02 18:22:29 | 000,118,274 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangred.pdf
    [2010/07/02 18:22:14 | 000,088,353 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail7.pdf
    [2010/07/02 18:21:57 | 000,076,791 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail6b.pdf
    [2010/07/02 18:21:14 | 000,079,691 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail5.pdf
    [2010/07/02 18:21:05 | 000,070,824 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail4.pdf
    [2010/07/02 18:20:54 | 000,089,860 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail3.pdf
    [2010/07/02 18:20:30 | 000,135,003 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail2.pdf
    [2010/07/02 18:17:05 | 000,062,916 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\asdfred.pdf
    [2010/07/02 18:16:17 | 000,076,791 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sangrail6.pdf
    [2010/07/02 18:14:28 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\antiques18thc2.doc
    [2010/07/02 17:59:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/06/30 20:53:54 | 000,495,822 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/30 20:53:54 | 000,424,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/30 20:53:54 | 000,064,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/30 14:27:04 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/06/29 20:37:05 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/06/29 20:37:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/06/29 20:37:02 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/06/29 20:37:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/06/29 11:12:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/28 17:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 17:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 17:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 17:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 17:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 17:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 17:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 17:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 17:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/26 23:10:51 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\SopCast.lnk
    [2010/06/26 12:33:02 | 023,421,140 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\hardtalk.flv
    [2010/06/25 19:23:52 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\bleeping.doc
    [2010/06/23 18:44:19 | 000,025,072 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/21 14:52:55 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Gardening.doc
    [2010/06/18 23:36:21 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\WORLD YGGDRASILLU.doc
    [2010/06/18 18:59:18 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Nutter.doc
    [2010/06/18 07:55:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\runic and keltic.doc
    [2010/06/17 18:35:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\plants.doc
    [2010/06/15 22:53:24 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/06/15 22:53:24 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/06/15 08:56:13 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\great response to harald.doc
    [2010/06/14 10:49:15 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\webspawn.doc
    [2010/06/13 23:50:19 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\dontclassify.doc
    [2010/06/13 16:11:49 | 000,082,670 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Throrin.jpg
    [2010/06/12 17:55:47 | 000,068,250 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\seventeenth century.gif
    [2010/06/12 17:52:37 | 000,075,283 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Badsocks.jpg
    [2010/06/12 12:41:38 | 000,015,960 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\***.php
    [2010/06/11 23:30:33 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Doc1.doc
    [2010/06/10 12:45:33 | 000,071,363 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\blacksocks.jpeg
    [2010/06/10 12:43:55 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\carrottop.doc
    [2010/06/10 12:12:04 | 000,067,852 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\blackwalnuttree7.jpg
    [2010/06/10 11:18:57 | 000,190,870 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\rowantree.JPG
    [2010/06/10 10:24:47 | 000,025,166 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\BWalnutL.jpg
    [2010/06/10 08:54:55 | 000,979,216 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sampledish.pdf
    [2010/06/10 08:47:42 | 000,128,232 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\blackash.pdf
    [2010/06/09 22:57:28 | 000,322,876 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\identificationguide.pdf
    [2010/06/09 21:36:05 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\tuna.xls
    [2010/06/08 11:19:38 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\How To take a cutting.doc
    [2010/06/07 20:57:00 | 002,186,342 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/06/07 20:57:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/06/07 20:57:00 | 000,007,959 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/06/07 00:37:24 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\great rogue.doc
    [2010/06/06 11:30:23 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
    [2010/06/02 21:48:48 | 000,035,218 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\barronvon.pdf
    [2010/06/02 14:25:03 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\nonresponsive.doc
    [2010/05/27 22:07:03 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\withoutanyfurtherado.doc
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/25 18:22:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/25 18:22:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/25 18:22:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/25 18:22:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/25 18:22:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/25 18:19:18 | 003,827,870 | R--- | C] () -- C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    [2010/08/25 17:27:35 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MBRCheck.exe
    [2010/08/25 17:24:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/25 12:30:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\ub2vdhh0.exe
    [2010/08/25 12:17:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/25 01:11:00 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\avast! Turn on Avast!.job
    [2010/08/24 21:29:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/08/24 20:53:36 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
    [2010/08/23 23:28:15 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Shortcut to maple.doc.lnk
    [2010/08/23 17:35:21 | 000,000,024 | ---- | C] () -- C:\WINDOWS\AM_D7.PRF
    [2010/08/23 17:27:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2010/08/23 17:27:24 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
    [2010/08/23 17:27:22 | 000,000,305 | ---- | C] () -- C:\WINDOWS\changesUserData.ini
    [2010/08/22 23:34:34 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\tunafishing.doc
    [2010/08/20 11:37:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\housecall.guid.cache
    [2010/08/20 11:19:13 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\registry backup.reg
    [2010/08/20 01:22:55 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Spybot - Search & Destroy.lnk
    [2010/08/15 13:30:32 | 000,054,343 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\impractical.html
    [2010/08/11 22:51:10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\sanedust.doc
    [2010/08/11 10:53:14 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Shaman.doc
    [2010/08/11 10:31:26 | 000,215,886 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\abc.jpg
    [2010/08/11 10:19:28 | 000,179,488 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\def.jpg
    [2010/08/11 10:19:06 | 000,291,780 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\ghi.jpg
    [2010/08/11 10:18:40 | 000,076,809 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\jkl.jpg
    [2010/08/11 10:04:40 | 004,439,683 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\mno.jpg
    [2010/08/10 14:29:54 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\abc.doc
    [2010/08/10 14:03:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\def.doc
    [2010/08/10 14:01:02 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\ghi.doc
    [2010/08/10 12:53:49 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\jkl.doc
    [2010/08/09 22:47:49 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\mno.doc
    [2010/08/09 20:06:58 | 007,748,041 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\BP Oil blowout 2 wells29977.pdf
    [2010/08/08 21:19:17 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\indirect.doc
    [2010/08/08 00:17:48 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\You seem real etc.doc
    [2010/08/05 13:39:27 | 000,006,179 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\hammy.rtf
    [2010/08/02 23:12:28 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\get rid of mosquitoes.doc
    [2010/07/29 22:45:21 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\hmok.doc
    [2010/07/29 11:04:38 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\about the series.doc
    [2010/07/27 15:35:06 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\hopalong.doc
    [2010/07/25 18:09:52 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\uTIPu TipCam.lnk
    [2010/07/23 17:42:13 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.log
    [2010/07/23 17:42:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.cat
    [2010/07/23 17:42:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.inf
    [2010/07/23 17:41:55 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\DVDFab 7.lnk
    [2010/07/23 10:20:00 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Vidomi.lnk
    [2010/07/23 10:10:02 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\DVD Decrypter.lnk
    [2010/07/22 19:51:29 | 005,942,921 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\zambooy.mp3
    [2010/07/18 15:19:04 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/07/18 15:13:50 | 019,495,102 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\vlc-1.1.0-win32.exe
    [2010/07/18 13:50:56 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\zero.doc
    [2010/07/18 13:30:59 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\one.doc
    [2010/07/18 11:50:33 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\two.doc
    [2010/07/15 12:59:44 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Companion Planting.doc
    [2010/07/15 11:47:57 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\companion plants.xls
    [2010/07/15 10:05:37 | 003,766,784 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\three.doc
    [2010/07/15 09:57:41 | 000,359,311 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\sas.jpg
    [2010/07/15 09:57:30 | 000,223,692 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\sez and 2.jpg
    [2010/07/14 23:09:41 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Quotes from history.doc
    [2010/07/11 10:21:14 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/07/11 10:20:52 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/07/11 09:56:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\ingrid.flv
    [2010/07/11 09:54:19 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Riva FLV Encoder.lnk
    [2010/07/11 09:54:19 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Riva FLV Player.lnk
    [2010/07/11 09:29:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\seperation.doc
    [2010/07/10 00:24:32 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\conspo.doc
    [2010/07/06 17:27:58 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\snipet.doc
    [2010/07/03 10:35:58 | 000,400,778 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\countries_europe_map.jpg
    [2010/07/02 21:38:46 | 000,074,451 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\RunesSg.jpg
    [2010/07/02 21:31:52 | 000,323,155 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\RunesS.jpg
    [2010/07/02 18:22:29 | 000,118,274 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\abcd.pdf
    [2010/07/02 18:22:14 | 000,088,353 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\efg.pdf
    [2010/07/02 18:21:57 | 000,076,791 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\abee.pdf
    [2010/07/02 18:21:14 | 000,079,691 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\abeef.pdf
    [2010/07/02 18:21:05 | 000,070,824 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\abcdd.pdf
    [2010/07/02 18:20:54 | 000,089,860 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\barec.pdf
    [2010/07/02 18:20:30 | 000,135,003 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Zveaw.pdf
    [2010/07/02 18:17:05 | 000,062,916 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\fdsa.pdf
    [2010/07/02 18:16:17 | 000,076,791 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\fda.pdf
    [2010/07/02 18:14:28 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\ History.doc
    [2010/06/30 14:27:04 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/06/29 20:37:05 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/06/29 20:37:02 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/06/29 20:37:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/06/29 20:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/06/29 20:36:22 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/06/29 20:30:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2010/06/29 20:30:25 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
    [2010/06/29 20:30:24 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2010/06/29 20:30:24 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
    [2010/06/29 20:30:20 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2010/06/29 20:30:19 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
    [2010/06/26 23:10:51 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\SopCast.lnk
    [2010/06/26 13:13:34 | 023,421,140 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\HardTalk 1of3.flv
    [2010/06/25 19:23:52 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\spam.doc
    [2010/06/21 13:15:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Gardening.doc
    [2010/06/18 23:36:20 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\WORLD YGGDRASILLU.doc
    [2010/06/18 18:58:44 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\neverdidit.doc
    [2010/06/18 07:55:08 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\runic and keltic.doc
    [2010/06/17 18:35:54 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\plant horse chessnut howto.doc
    [2010/06/15 22:53:24 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/06/15 22:53:24 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/06/15 07:37:44 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\great response to harald.doc
    [2010/06/14 10:49:15 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\selfare.doc
    [2010/06/13 23:50:19 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\tam.doc
    [2010/06/13 16:11:49 | 000,082,670 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Throrin.jpg
    [2010/06/12 17:55:47 | 000,068,250 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\fiura.gif
    [2010/06/12 17:52:37 | 000,075,283 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\barain.jpg
    [2010/06/12 12:41:36 | 000,015,960 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\www.php
    [2010/06/11 23:30:33 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Doc1.doc
    [2010/06/10 12:45:33 | 000,071,363 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\blackwalnuttreesplanted.jpeg
    [2010/06/10 12:43:55 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\clipping black walnut or any deciduous tree.doc
    [2010/06/10 12:12:04 | 000,067,852 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\blackwalnuttree7.jpg
    [2010/06/10 11:18:56 | 000,190,870 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\rowantree.JPG
    [2010/06/10 10:24:47 | 000,025,166 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\BWalnutL.jpg
    [2010/06/10 08:54:55 | 000,979,216 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\primer.pdf
    [2010/06/10 08:47:42 | 000,128,232 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\blackash.pdf
    [2010/06/09 22:57:26 | 000,322,876 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\ash identification EAB_identificationguide.pdf
    [2010/06/09 21:32:29 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\ablist.xls
    [2010/06/08 11:19:38 | 000,099,840 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\How To Plant.doc
    [2010/06/07 00:26:34 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\great rogue.doc
    [2010/06/06 11:30:23 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
    [2010/06/02 21:48:48 | 000,035,218 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\sinbad.pdf
    [2010/06/02 14:25:03 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\presto.doc
    [2010/04/02 10:20:24 | 000,131,872 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\icarus-dxdiag.xml
    [2010/02/13 18:36:29 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/02/13 18:36:29 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5ADC41BF3D.sys
    [2010/02/07 01:39:31 | 000,000,760 | ---- | C] () -- C:\WINDOWS\AnimatorDV.INI
    [2010/01/22 21:57:06 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/01/17 12:29:50 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/01/17 12:29:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
    [2009/11/21 15:10:57 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
    [2009/11/19 18:52:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/19 18:52:22 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/19 12:36:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/11/05 22:53:02 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2002/06/11 04:08:00 | 000,023,180 | ---- | C] () -- C:\WINDOWS\System32\evgainit.sys
    [2002/05/13 06:16:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [1997/07/11 01:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
    [1997/07/11 01:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
    [1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/02/15 12:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/03/22 08:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/02/26 22:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2009/11/20 01:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/07/23 16:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\soft Xpansion
    [2010/07/19 18:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\AnvSoft
    [2009/11/19 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Any Video Converter
    [2010/05/07 07:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\BitTorrent
    [2010/04/04 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Darkfall
    [2010/06/18 23:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Darkfall US
    [2009/11/10 18:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\GetRightToGo
    [2009/11/04 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\IObit
    [2010/02/13 01:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Opera
    [2009/11/21 15:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Turbine
    [2010/08/24 20:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\uTorrent
    [2010/07/23 17:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Vso
    [2010/08/25 03:10:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\avast! Turn on Avast!.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/06/11 07:16:23 | 000,006,128 | ---- | M] () -- C:\aaw7boot.log
    [2009/11/04 14:21:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/25 18:55:24 | 000,028,162 | ---- | M] () -- C:\ComboFix.txt
    [2009/11/04 14:21:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/01/19 00:33:58 | 000,004,717 | -H-- | M] () -- C:\ffastun.ffa
    [2010/01/19 00:33:58 | 000,237,568 | -H-- | M] () -- C:\ffastun.ffl
    [2010/01/19 00:33:58 | 000,126,976 | -H-- | M] () -- C:\ffastun.ffo
    [2010/01/19 00:33:58 | 002,031,616 | -H-- | M] () -- C:\ffastun0.ffx
    [2009/11/04 14:21:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/19 21:32:02 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/11/04 14:21:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/25 13:51:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/28 22:43:52 | 000,001,994 | ---- | M] () -- C:\TRACERT.TXT
    [2010/06/30 21:25:37 | 000,001,591 | ---- | M] () -- C:\tracert2.txt
    [2010/06/30 21:43:17 | 000,001,626 | ---- | M] () -- C:\tracert4.txt
    [2010/06/30 21:45:44 | 000,001,573 | ---- | M] () -- C:\tracert5.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/03/26 17:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
    [2006/03/26 17:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/11/04 09:59:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/11/04 09:59:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/11/04 09:59:49 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 21:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 21:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 21:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
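Added example, not part of the thread and not OTL's own code: a small Python parser for the OTL file-listing lines in the report above, so the MD5 values printed for user32.dll, ws2_32.dll and ws2help.dll can be checked against a baseline recorded from a known-clean machine instead of being eyeballed. The sample excerpt is copied from the report; the baseline dictionary is constructed for the demo, with the ws2help.dll value deliberately altered so a mismatch is shown.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional
# An OTL file-listing line has the shape "[date time | size | attrs | C|M] (company) MD5=<hex> -- path";
# directory lines omit the "(company)" and "MD5=" parts, as in the LOP Check section above.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$"
)

OtlEntry = NamedTuple("OtlEntry", [("ts", str), ("size", int), ("attrs", str),
                                   ("company", str), ("md5", Optional[str]), ("path", str)])

def parse_otl(lines: Iterable[str]) -> List[OtlEntry]:
    """Collect file/directory entries from OTL report text; headers and other lines are skipped."""
    entries = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                                    m["company"] or "", (m["md5"] or "").upper() or None, m["path"]))
    return entries

def check_hashes(entries: List[OtlEntry], baseline: Dict[str, str]) -> Dict[str, str]:
    """Verdict per hashed path: 'match', 'MISMATCH' or 'no baseline' (paths compared case-insensitively)."""
    verdicts = {}
    for e in entries:
        if e.md5 is None:          # directories and unhashed listings carry no MD5
            continue
        expected = baseline.get(e.path.lower())
        verdicts[e.path] = ("no baseline" if expected is None
                            else "match" if expected.upper() == e.md5 else "MISMATCH")
    return verdicts

# Excerpt copied from the OTL custom-scan section above: three hashed files, one directory, one summary line.
SAMPLE_REPORT = r"""
[2008/04/13 21:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2008/04/13 21:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2008/04/13 21:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[2010/02/15 12:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
"""

# Constructed baseline for the demo: user32/ws2_32 values are copied from the report, so they match;
# the ws2help.dll value is a deliberately altered placeholder, so the checker reports a MISMATCH.
BASELINE = {
    r"c:\windows\system32\user32.dll": "B26B135FF1B9F60C9388B4A7D16F600B",
    r"c:\windows\system32\ws2_32.dll": "2CCC474EB85CEAA3E1FA1726580A3E5A",
    r"c:\windows\system32\ws2help.dll": "00000000000000000000000000000000",
}
```

Run `check_hashes(parse_otl(SAMPLE_REPORT.splitlines()), BASELINE)` to get one verdict per hashed path; a real baseline would be collected from a reference install of the same Windows build and service pack.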
     
  16. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
      [2010/02/13 18:36:29 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5ADC41BF3D.sys
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    C:\WINDOWS\002870_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\5ADC41BF3D.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 17759015 bytes
    ->Flash cache emptied: 405 bytes

    User: All Users

    User: Dad
    ->Temp folder emptied: 9252361 bytes
    ->Temporary Internet Files folder emptied: 7464143 bytes
    ->Java cache emptied: 130120 bytes
    ->FireFox cache emptied: 71406754 bytes
    ->Flash cache emptied: 12955 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Alt
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 90026488 bytes
    ->Flash cache emptied: 15461 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Bear
    ->Temp folder emptied: 617742 bytes
    ->Temporary Internet Files folder emptied: 94101 bytes
    ->FireFox cache emptied: 32915457 bytes
    ->Flash cache emptied: 3811 bytes

    User: Someone
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 42038712 bytes
    ->Flash cache emptied: 8620 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 259.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dad
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Alt
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Bear
    ->Flash cache emptied: 0 bytes

    User: Someone
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08252010_205843

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  18. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Can't locate any viruses or malware...But...

    Security Check



    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 8.2.3
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  20. 2010/08/25
    snarky

    snarky Inactive Thread Starter

    Joined:
    2010/01/19
    Messages:
    39
    Likes Received:
    0
    Can't locate any viruses or malware...But...

    Just waiting on Kasper to do its thing. I tried this before and it took what seemed like a short eternity. So I don't know how long this will take...but if it's too long I'll post the report in the morning; if it is capable of doing it faster this time I'll be able to post it tonight. :D


    Also strange, I'm seeing the Ad-Aware program still lurking in there...thought I was rid of that too.
     
    Last edited: 2010/08/25
  21. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
    I'm aware, it takes a while...
     
