
Solved Trojan slows my boot ups

Discussion in 'Malware and Virus Removal Archive' started by albert1013, 2010/09/03.

  1. 2010/09/03
    albert1013

    albert1013 Inactive Thread Starter

    Joined:
    2002/05/27
    Messages:
    68
    Likes Received:
    0
    [Resolved] Trojan slows my boot ups

    Last week my Dell notebook using Windows XP with SP3 was infected with Trojans. My Avast5 Internet Security software stopped 43 of them but some got through because it took 28 minutes for my computer to boot up. I could get to the desktop screen but my system was frozen and after 28 minutes I heard the Windows intro music and could use my computer again. I scanned with Avast5 and found some infections including the "Rundll qraquloyaraqe.dll" and "Rundll kbsc70.dll" files that kept popping up. I did a boot time scan with Avast5 and found another trojan. I proceeded to scan with the Microsoft OneCare Safety Scanner several times and removed nearly a dozen other viruses. I also scanned with Norton's Online virus scanner which found nothing. I scanned with BitDefender's online scanner which found one trojan. I scanned with House Call Launcher which caught two more infections. And I used the free Ad-Aware scanner which found one more. Finally I used McAfee's online scanner and got the Generic QHOST.c trojan. After every restart of my computer I still had a slow 28 minute boot up in spite of the fact that further scans with The Microsoft OneCare Safety Scanner found my system and registry to be free of infections (the McAfee scan I ran came after that and found one more Trojan though). I did a check disk from the RUN command line and everything went fine with that scan. Do you think I still have a virus? I think so because I get those cursor egg timers now and then for no reason. Is it possible that the infections corrupted my OS files and slowed my boot ups?

    Below are those DDS scans your website requests. I pasted them because I did not know how to attach them. I hope I have posted to the correct forum. Thank you in advance for your help!

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Albert Appalucci at 17:20:40.50 on Fri 09/03/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.519 [GMT -4:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Albert Appalucci\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
    BHO: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
    BHO: {d1fb2090-8bb1-4e4b-ab97-e1b3a10b5c0a} - No File
    TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre0.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120832065743
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6093/mcfscan.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
    STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
    SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
    LSA: Notification Packages = scecli c:\windows\system32\nadusajo.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\albert~1\applic~1\mozilla\firefox\profiles\vvafqfrv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\albert appalucci\application data\mozilla\firefox\profiles\vvafqfrv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\albert appalucci\application data\mozilla\firefox\profiles\vvafqfrv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\albert appalucci\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF - HiddenExtension: XULRunner: {40472737-8B67-48FB-945D-B3D52770CAD0} - c:\documents and settings\albert appalucci\local settings\application data\{40472737-8B67-48FB-945D-B3D52770CAD0}


    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-9-1 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-9-1 188168]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-3 64288]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-9-1 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-1 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-1 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-1 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
    R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-9-1 119200]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
    2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2005-06-26 19:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
    2005-06-22 02:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
    2009-04-13 16:58:47 2098 --sh--w- c:\windows\system32\dawusere.exe
    2004-01-25 04:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
    2005-02-28 17:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
    2004-01-25 04:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
    2009-04-13 16:58:47 2098 --sh--w- c:\windows\system32\zowavami.dll

    ============= FINISH: 17:21:12.46 ===============
     
  2. 2010/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/09/03
    albert1013

    albert1013 Inactive Thread Starter

    Trojan slows boot ups

    Thanks for helping Broni! I ran the Malwarebytes scan and it found like 23 infections and I posted the report you asked for below.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4540

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/4/2010 12:21:39 AM
    mbam-log-2010-09-04 (00-21-39).txt

    Scan type: Quick scan
    Objects scanned: 137206
    Time elapsed: 12 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MPMFC1 (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\Spyware Sweeper Pro (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\SYSTEM32\zowavami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\Spyware Sweeper Pro\uninstall.exe (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Albert Appalucci\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Spyware Sweeper Pro Setup Log.txt (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
    C:\WINDOWS\Spyware Sweeper Pro Uninstall Log.txt (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
     
  5. 2010/09/03
    broni

    broni Moderator Malware Analyst

    Go on....
     
  6. 2010/09/03
    albert1013

    albert1013 Inactive Thread Starter

    trojan slows up boot up

    Sorry for the delay. You must remember that each time I run a scan I have to reboot and it took 15 minutes to unfreeze my computer. I will now run that second test and post the results.
     
  7. 2010/09/03
    broni

    broni Moderator Malware Analyst

    ok.....
     
  8. 2010/09/03
    albert1013

    albert1013 Inactive Thread Starter

    gmer results

    Below are the gmer.log results.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-09-04 00:53:26
    Windows 5.1.2600 Service Pack 3
    Running: hq0g4qrx.exe; Driver: C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\uwdoapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateKey [0xB2421A3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateValueKey [0xB24218A9]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB245EB9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
     
  9. 2010/09/03
    albert1013

    albert1013 Inactive Thread Starter

    MBR check results

    Below is the MBR check report.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 142):
    0xF787F000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB2632000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB261B000 \SystemRoot\System32\Drivers\aswFW.SYS
    0xF78EF000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB25F3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB25D1000 \SystemRoot\System32\drivers\afd.sys
    0xF78FF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB25A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB2536000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF790F000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB2470000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB2449000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB23F8000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xF793F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7A17000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF796F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB23B8000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7CDD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB26A2000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7A27000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7E8C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF081000 \SystemRoot\System32\ati3duag.dll
    0xBF290000 \SystemRoot\System32\ativvaxx.dll
    0xB26A6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xB2516000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7DDB000 \SystemRoot\system32\dla\tfsndres.sys
    0xB2263000 \SystemRoot\system32\dla\tfsnifs.sys
    0xF7BB7000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7D23000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF7A4F000 \SystemRoot\system32\dla\tfsnboio.sys
    0xB2506000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7DDC000 \SystemRoot\system32\dla\tfsndrct.sys
    0xB224A000 \SystemRoot\system32\dla\tfsnudf.sys
    0xB2231000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xB229C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB1EFA000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB1D15000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB1E8A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB1C46000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB1A79000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB1BDE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF79FF000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xB16DE000 \SystemRoot\system32\drivers\kmixer.sys
    0xB15CD000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB12BE000 \??\C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\uwdoapob.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 35):
    0 System Idle Process
    4 System
    672 C:\WINDOWS\SYSTEM32\smss.exe
    744 csrss.exe
    768 C:\WINDOWS\SYSTEM32\winlogon.exe
    812 C:\WINDOWS\SYSTEM32\services.exe
    824 C:\WINDOWS\SYSTEM32\lsass.exe
    988 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1004 C:\WINDOWS\SYSTEM32\svchost.exe
    1068 svchost.exe
    1108 C:\WINDOWS\SYSTEM32\svchost.exe
    1180 svchost.exe
    1284 svchost.exe
    1364 C:\Program Files\Alwil Software\Avast5\afwServ.exe
    1384 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1508 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1580 C:\WINDOWS\explorer.exe
    1700 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1964 C:\WINDOWS\SYSTEM32\spoolsv.exe
    2016 scardsvr.exe
    148 svchost.exe
    1504 alg.exe
    1556 UNSECAPP.EXE
    2140 wmiprvse.exe
    2192 C:\Program Files\verizon\McciTrayApp.exe
    2200 C:\Program Files\Freecorder\FLVSrvc.exe
    2216 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    2224 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    2264 C:\WINDOWS\SYSTEM32\ctfmon.exe
    2552 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    1160 C:\Program Files\Messenger\msmsgs.exe
    2188 C:\Program Files\Internet Explorer\iexplore.exe
    1932 C:\Program Files\Internet Explorer\iexplore.exe
    368 C:\Documents and Settings\Albert Appalucci\Desktop\hq0g4qrx.exe
    2924 C:\Documents and Settings\Albert Appalucci\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHT2030AT, Rev: 009B

    Size Device Name MBR Status
    --------------------------------------------
    27 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


    Done!
     
  10. 2010/09/04
    broni Moderator Malware Analyst

    All good there....:)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/09/04
    albert1013 Inactive Thread Starter

    trojan problem

    Hi again. I ran the Combo scan and after the long reboot it displayed the report below.

    ComboFix 10-09-03.01 - Albert Appalucci 09/04/2010 1:50.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.624 [GMT -4:00]
    Running from: c:\documents and settings\Albert Appalucci\Desktop\ComboFix.exe
    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Albert Appalucci\Local Settings\Application Data\{40472737-8B67-48FB-945D-B3D52770CAD0}
    c:\documents and settings\Albert Appalucci\Local Settings\Application Data\{40472737-8B67-48FB-945D-B3D52770CAD0}\chrome.manifest
    c:\documents and settings\Albert Appalucci\Local Settings\Application Data\{40472737-8B67-48FB-945D-B3D52770CAD0}\chrome\content\_cfg.js
    c:\documents and settings\Albert Appalucci\Local Settings\Application Data\{40472737-8B67-48FB-945D-B3D52770CAD0}\chrome\content\overlay.xul
    c:\documents and settings\Albert Appalucci\Local Settings\Application Data\{40472737-8B67-48FB-945D-B3D52770CAD0}\install.rdf
    c:\windows\system32\drivers\fad.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FAD


    ((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
    .

    2010-09-02 01:47 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-02 01:47 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-02 01:47 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-09-02 01:47 . 2010-06-28 20:39 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-09-02 01:47 . 2010-06-28 20:38 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-09-02 01:47 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-02 01:47 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-02 01:47 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-02 01:47 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-02 01:47 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-02 01:46 . 2010-06-28 20:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-09-02 01:46 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-02 01:37 . 2010-09-02 01:37 -------- d-----w- c:\documents and settings\Albert Appalucci\Local Settings\Application Data\Threat Expert
    2010-09-02 01:29 . 2010-09-02 01:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-09-02 01:05 . 2010-09-02 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-09-01 15:19 . 2010-09-01 15:48 -------- d-----w- c:\windows\BDOSCAN8
    2010-08-31 18:09 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-08-31 18:09 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-08-31 18:09 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-08-31 18:09 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-08-31 18:09 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-08-31 18:09 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2010-08-31 18:09 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-08-31 18:09 . 2004-08-04 02:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-08-31 18:09 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-08-31 18:09 . 2004-08-04 02:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-08-31 18:09 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2010-08-31 18:08 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2010-08-31 18:08 . 2004-08-04 02:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-08-31 18:08 . 2001-08-17 16:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-08-31 18:08 . 2001-08-17 17:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-08-31 18:08 . 2001-08-18 02:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-08-31 18:08 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-08-31 18:08 . 2004-08-04 11:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
    2010-08-31 18:08 . 2004-08-04 11:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
    2010-08-31 18:08 . 2001-08-17 17:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-08-31 18:08 . 2004-08-04 02:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-08-31 18:08 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
    2010-08-31 18:08 . 2001-08-17 16:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-08-31 18:06 . 2001-08-17 17:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-08-31 18:05 . 2001-08-18 02:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-08-31 18:04 . 2001-08-17 16:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
    2010-08-31 18:03 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
    2010-08-31 18:02 . 2001-08-17 16:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2010-08-31 18:01 . 2001-08-17 18:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-08-31 18:00 . 2001-08-18 02:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
    2010-08-31 17:59 . 2001-08-17 17:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2010-08-31 17:58 . 2001-08-18 02:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
    2010-08-31 17:57 . 2001-08-17 17:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
    2010-08-31 17:56 . 2001-08-17 17:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
    2010-08-31 17:55 . 2001-08-17 16:12 26153 ----a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2010-08-31 17:54 . 2001-08-17 16:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
    2010-08-31 17:53 . 2001-08-17 16:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
    2010-08-31 17:52 . 2001-08-17 16:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2010-08-31 17:52 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
    2010-08-31 17:52 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2010-08-31 17:52 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-08-31 17:52 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-08-31 17:52 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-08-31 17:52 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
    2010-08-31 17:52 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-08-31 17:52 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
    2010-08-31 17:52 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
    2010-08-31 17:52 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-08-31 17:50 . 2001-08-17 17:28 576746 ----a-w- c:\windows\system32\dllcache\ltmdmntl.sys
    2010-08-31 17:49 . 2001-08-17 17:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
    2010-08-31 17:49 . 2001-08-17 17:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
    2010-08-31 17:49 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
    2010-08-31 17:49 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
    2010-08-31 17:49 . 2001-08-17 17:49 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
    2010-08-31 17:49 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
    2010-08-31 17:49 . 2001-08-17 16:12 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
    2010-08-31 17:49 . 2001-08-18 02:36 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
    2010-08-31 17:49 . 2001-08-17 17:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
    2010-08-31 17:49 . 2001-08-17 17:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
    2010-08-31 17:49 . 2001-08-18 02:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-08-31 17:49 . 2001-08-17 18:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
    2010-08-31 17:49 . 2001-08-18 02:36 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
    2010-08-31 17:47 . 2001-08-17 17:28 73279 ----a-w- c:\windows\system32\dllcache\hsf_spkp.sys
    2010-08-31 17:46 . 2001-08-18 02:36 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
    2010-08-31 17:45 . 2001-08-17 16:15 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
    2010-08-31 17:44 . 2001-08-17 16:19 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys
    2010-08-31 17:43 . 2001-08-17 16:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2010-08-31 17:42 . 2001-08-18 02:36 256512 ----a-w- c:\windows\system32\dllcache\devcon32.dll
    2010-08-31 17:41 . 2001-08-17 18:02 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys
    2010-08-31 17:40 . 2001-08-17 17:12 12160 ----a-w- c:\windows\system32\dllcache\brfiltlo.sys
    2010-08-31 17:39 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
    2010-08-31 17:39 . 2008-04-13 18:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
    2010-08-31 17:39 . 2001-08-17 18:55 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
    2010-08-31 17:39 . 2001-08-17 18:55 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
    2010-08-31 17:39 . 2001-08-17 16:48 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
    2010-08-31 17:39 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
    2010-08-31 17:39 . 2001-08-17 18:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
    2010-08-31 17:39 . 2001-08-17 17:28 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
    2010-08-31 17:39 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-08-29 06:10 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-28 23:56 . 2010-08-31 09:34 120 ----a-w- c:\windows\Gyayagifinos.dat
    2010-08-28 23:56 . 2010-08-31 05:51 0 ----a-w- c:\windows\Dsotalevetec.bin
    2010-08-28 23:49 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-08-28 23:49 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-08-28 23:49 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-08-28 23:49 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-04 05:32 . 2010-09-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\Albert Appalucci\Application Data\Malwarebytes
    2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-04 04:08 . 2010-09-04 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-04 01:37 . 2009-04-12 00:24 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-09-03 16:10 . 2010-06-25 22:17 -------- d-----w- c:\program files\Freecorder
    2010-09-03 06:36 . 2010-09-03 06:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-02 03:49 . 2009-10-23 03:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
    2010-09-02 01:47 . 2010-09-02 01:28 662750 ----a-w- c:\windows\system32\drivers\Cat.DB
    2010-09-02 01:46 . 2010-06-19 16:18 -------- d-----w- c:\program files\Alwil Software
    2010-08-10 22:00 . 2006-05-08 16:08 -------- d-----w- c:\documents and settings\Albert Appalucci\Application Data\U3
    2010-08-06 01:33 . 2010-07-12 17:46 -------- d-----w- c:\documents and settings\Albert Appalucci\Application Data\vlc
    2010-07-27 02:01 . 2010-07-27 02:00 -------- d-----w- c:\documents and settings\Albert Appalucci\Application Data\dvdcss
    2010-07-15 01:40 . 2010-03-28 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-15 01:38 . 2009-08-24 17:26 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-06-30 12:31 . 2007-06-13 17:52 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2007-04-04 15:19 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-07-12 03:33 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:01 . 2008-01-31 18:45 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-06-09 23:01 . 2008-01-31 18:45 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-06-09 23:01 . 2008-01-31 18:45 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01 . 2008-01-31 18:45 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01 . 2008-01-31 18:45 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-06-09 23:01 . 2004-03-03 08:02 45648 -c----w- c:\windows\system32\drivers\pxhelp20.sys
    2005-06-26 19:32 . 2005-06-26 19:32 616448 --sha-r- c:\windows\SYSTEM32\cygwin1.dll
    2005-06-22 02:37 . 2005-06-22 02:37 45568 --sha-r- c:\windows\SYSTEM32\cygz.dll
    2009-04-13 16:58 . 2009-04-13 16:58 2098 --sh--w- c:\windows\SYSTEM32\dawusere.exe
    2004-01-25 04:00 . 2004-01-25 04:00 70656 --sha-r- c:\windows\SYSTEM32\i420vfw.dll
    2005-02-28 17:16 . 2005-02-28 17:16 240128 --sha-r- c:\windows\SYSTEM32\x.264.exe
    2004-01-25 04:00 . 2004-01-25 04:00 70656 --sha-r- c:\windows\SYSTEM32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"="c:\program files\Freecorder\tbFre0.dll" [2010-09-03 2734688]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2010-09-03 16:10 2734688 ----a-w- c:\program files\Freecorder\tbFre0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"="c:\program files\Freecorder\tbFre0.dll" [2010-09-03 2734688]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"="c:\program files\Freecorder\tbFre0.dll" [2010-09-03 2734688]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-07 53248]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
    backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xwpmdtin

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-06-11 03:10 339968 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-03-15 07:04 122933 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-07-07 21:58 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
    2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2003-12-06 04:08 50688 -c----w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-04-19 20:45 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-04-19 20:45 131072 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-05-06 20:55 155648 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-05-20 18:13 208941 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2003-11-19 23:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2006-05-20 18:13 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2003-08-19 07:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\SYSTEM32\DRIVERS\aswNdis.sys [9/1/2010 9:46 PM 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\SYSTEM32\DRIVERS\aswNdis2.sys [9/1/2010 9:47 PM 188168]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\SYSTEM32\DRIVERS\aswFW.sys [9/1/2010 9:47 PM 99280]
    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [9/1/2010 9:47 PM 312912]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/1/2010 9:47 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/1/2010 9:47 PM 17744]
    R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [9/1/2010 9:46 PM 119200]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{d1fb2090-8bb1-4e4b-ab97-e1b3a10b5c0a} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    MSConfigStartUp-VerizonServicepoint - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-04 02:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3718143043-152736964-3013386423-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'Explorer.EXE'(1516)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\documents and settings\Albert Appalucci\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-04 02:58:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-04 06:58

    Pre-Run: 7,664,238,592 bytes free
    Post-Run: 8,175,763,456 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - BBF0CE90FAF0A55E8FA7BB6FFF82E4A6
     
    Last edited: 2010/09/04
  12. 2010/09/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing at the moment?


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/09/04
    albert1013

    albert1013 Inactive Thread Starter

    trojan

    Hi broni. I have downloaded the file and will run the scan and post the reports. Give me a few minutes to read your post and remember everything. Thanks.
     
  14. 2010/09/04
    broni

    broni Moderator Malware Analyst

    Ok....
     
  15. 2010/09/04
    albert1013

    albert1013 Inactive Thread Starter

    trojans

    The scan only gave me one report so I am going to run it again. Sorry. Just a few more minutes.
     
  16. 2010/09/04
    broni

    broni Moderator Malware Analyst

    It happens sometimes.
    Post what you got.
     
  17. 2010/09/04
    albert1013

    albert1013 Inactive Thread Starter

    trojans

    The reports are too long and they won't post unless they are shorter. Any suggestions? Should I cut them in half?
     
  18. 2010/09/04
    albert1013

    albert1013 Inactive Thread Starter

    Ok I got just one report and I will have to give it to you in 2 parts. Here is part one:

    OTL logfile created on: 9/4/2010 12:49:36 PM - Run 4
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Albert Appalucci\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 662.00 Mb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.39 Gb Total Space | 7.74 Gb Free Space | 31.72% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DJ3Y3Z51
    Current User Name: Albert Appalucci
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/04 12:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Appalucci\Desktop\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
    PRC - [2010/06/26 13:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/09/28 14:30:48 | 000,936,960 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\verizon\McciTrayApp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/04 12:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Appalucci\Desktop\OTL.exe
    MOD - [2010/09/04 11:54:02 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/06/28 16:57:02 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:39:55 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010/06/28 16:38:56 | 000,188,168 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/28 16:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
    DRV - [2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
    DRV - [2008/04/13 14:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004/11/02 02:49:04 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/06/11 00:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/05/12 22:30:14 | 000,258,704 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2004/03/15 03:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/03/15 03:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/03/15 03:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/03/15 03:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/03/15 03:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/03/15 03:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/03/15 03:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/03/15 03:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/03/15 03:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/02/27 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/13 13:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2004/02/13 05:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/01/14 21:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/01/14 21:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/12/11 14:53:22 | 000,091,395 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ozscr.sys -- (O2SCBUS)
    DRV - [2003/11/13 20:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2003/11/13 20:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/13 20:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/08/21 21:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/05/21 18:47:12 | 000,175,360 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
    FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10
    FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.13
    FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {40472737-8B67-48FB-945D-B3D52770CAD0}:1.9.1
    FF - prefs.js..network.proxy.type: 1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 19:34:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 19:34:11 | 000,000,000 | ---D | M]

    [2010/02/02 16:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Extensions
    [2010/08/31 14:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions
    [2010/07/21 15:29:00 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/04/29 17:17:09 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
    [2010/02/02 18:11:51 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    [2010/06/21 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\nosquint@urandom.ca
    [2010/04/29 17:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Mozilla\Firefox\Profiles\vvafqfrv.default\extensions\yetanothersmoothscrolling@kataho
    [2010/02/02 16:54:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/04 02:45:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\verizon\McciTrayApp.exe (Motive Communications, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120832065743 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6093/mcfscan.cab (McFreeScan Class)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\MSG711.ACM (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\MSGSM32.ACM (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\MSACM32.DRV (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/04 12:05:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Albert Appalucci\Desktop\OTL.exe
    [2010/09/04 03:08:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/04 02:38:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/09/04 01:36:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/04 01:32:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/04 01:32:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/04 01:32:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/04 01:32:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/04 01:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/04 01:29:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/04 00:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Application Data\Malwarebytes
    [2010/09/04 00:08:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/04 00:08:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/04 00:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/04 00:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/09/04 00:04:43 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Albert Appalucci\Desktop\mbam-setup-1.46.exe
    [2010/09/03 12:13:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
    [2010/09/03 02:36:36 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/09/02 19:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\Sunbelt Software
    [2010/09/02 19:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/09/02 17:02:22 | 001,870,496 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Albert Appalucci\Desktop\HousecallLauncher.exe
    [2010/09/01 21:47:56 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/01 21:47:55 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/01 21:47:53 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/09/01 21:47:52 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/09/01 21:47:17 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/09/01 21:47:16 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/01 21:47:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/01 21:47:12 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/01 21:47:12 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/01 21:47:11 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/09/01 21:46:47 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010/09/01 21:46:44 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/01 21:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\Threat Expert
    [2010/09/01 21:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/09/01 11:19:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/08/31 14:09:46 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2010/08/31 14:09:41 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2010/08/31 14:09:24 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2010/08/31 14:09:19 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2010/08/31 14:08:39 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2010/08/31 14:08:35 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2010/08/31 14:08:25 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2010/08/31 14:08:01 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2010/08/31 14:07:46 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2010/08/31 14:07:42 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2010/08/31 14:07:37 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2010/08/31 14:07:32 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2010/08/31 14:07:27 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2010/08/31 14:07:22 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2010/08/31 14:07:17 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2010/08/31 14:07:00 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2010/08/31 14:06:41 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2010/08/31 14:06:36 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2010/08/31 14:06:32 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2010/08/31 14:06:22 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2010/08/31 14:05:59 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2010/08/31 14:05:42 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2010/08/31 14:05:37 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2010/08/31 14:05:25 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2010/08/31 14:05:21 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2010/08/31 14:05:17 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2010/08/31 14:05:13 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2010/08/31 14:05:08 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2010/08/31 14:05:04 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2010/08/31 14:04:31 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2010/08/31 14:04:25 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2010/08/31 14:04:21 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2010/08/31 14:04:20 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2010/08/31 14:04:14 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2010/08/31 14:04:11 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2010/08/31 14:03:55 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2010/08/31 14:03:51 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2010/08/31 14:03:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2010/08/31 14:03:10 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2010/08/31 14:03:06 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2010/08/31 14:03:02 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2010/08/31 14:02:56 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2010/08/31 14:02:03 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2010/08/31 14:01:58 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2010/08/31 14:01:54 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2010/08/31 14:01:50 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2010/08/31 14:01:47 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2010/08/31 14:01:18 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2010/08/31 14:01:14 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2010/08/31 14:01:10 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2010/08/31 14:01:01 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2010/08/31 14:00:27 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2010/08/31 14:00:24 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2010/08/31 14:00:20 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2010/08/31 14:00:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2010/08/31 13:59:47 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2010/08/31 13:59:39 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2010/08/31 13:59:35 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2010/08/31 13:59:17 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2010/08/31 13:59:13 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2010/08/31 13:59:10 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2010/08/31 13:59:06 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2010/08/31 13:59:02 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2010/08/31 13:58:58 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2010/08/31 13:58:55 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2010/08/31 13:58:51 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2010/08/31 13:58:47 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2010/08/31 13:58:39 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2010/08/31 13:58:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2010/08/31 13:58:35 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/08/31 13:58:35 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/08/31 13:58:34 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2010/08/31 13:58:33 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2010/08/31 13:58:30 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
    [2010/08/31 13:58:27 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
    [2010/08/31 13:58:18 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2010/08/31 13:58:11 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2010/08/31 13:58:07 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2010/08/31 13:58:02 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2010/08/31 13:57:47 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2010/08/31 13:57:43 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2010/08/31 13:57:26 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2010/08/31 13:57:22 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2010/08/31 13:57:18 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2010/08/31 13:57:04 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2010/08/31 13:56:17 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
    [2010/08/31 13:56:14 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2010/08/31 13:55:59 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2010/08/31 13:55:57 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2010/08/31 13:55:54 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2010/08/31 13:55:09 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2010/08/31 13:55:05 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2010/08/31 13:55:01 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2010/08/31 13:54:57 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2010/08/31 13:54:33 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2010/08/31 13:54:19 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2010/08/31 13:54:15 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2010/08/31 13:54:10 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
    [2010/08/31 13:54:09 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2010/08/31 13:53:59 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2010/08/31 13:53:55 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2010/08/31 13:53:44 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2010/08/31 13:53:41 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2010/08/31 13:53:37 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
     
  19. 2010/09/04
    albert1013 Inactive Thread Starter

    Here is part 2.

    ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2010/08/31 13:53:30 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2010/08/31 13:53:27 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2010/08/31 13:53:16 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2010/08/31 13:53:12 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2010/08/31 13:53:09 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2010/08/31 13:53:05 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2010/08/31 13:53:02 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2010/08/31 13:52:58 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
    [2010/08/31 13:51:29 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2010/08/31 13:51:06 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2010/08/31 13:51:03 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2010/08/31 13:51:02 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2010/08/31 13:50:59 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2010/08/31 13:50:58 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2010/08/31 13:50:55 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2010/08/31 13:50:46 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2010/08/31 13:50:43 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2010/08/31 13:50:39 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2010/08/31 13:50:36 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2010/08/31 13:50:32 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2010/08/31 13:50:29 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2010/08/31 13:49:50 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2010/08/31 13:49:42 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
    [2010/08/31 13:49:07 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2010/08/31 13:47:12 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2010/08/31 13:47:00 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2010/08/31 13:46:30 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2010/08/31 13:46:28 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2010/08/31 13:46:25 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2010/08/31 13:46:10 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2010/08/31 13:46:03 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2010/08/31 13:46:01 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2010/08/31 13:45:57 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2010/08/31 13:45:54 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2010/08/31 13:45:52 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2010/08/31 13:45:51 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2010/08/31 13:45:34 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2010/08/31 13:45:29 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2010/08/31 13:45:27 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2010/08/31 13:44:56 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
    [2010/08/31 13:43:54 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2010/08/31 13:43:50 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2010/08/31 13:43:40 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2010/08/31 13:43:38 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2010/08/31 13:43:37 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2010/08/31 13:43:31 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2010/08/31 13:43:30 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2010/08/31 13:43:29 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2010/08/31 13:43:27 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2010/08/31 13:43:25 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2010/08/31 13:43:02 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2010/08/31 13:43:01 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2010/08/31 13:42:57 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2010/08/31 13:42:33 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2010/08/31 13:42:32 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2010/08/31 13:42:31 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2010/08/31 13:42:30 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2010/08/31 13:42:29 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2010/08/31 13:42:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2010/08/31 13:42:26 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2010/08/31 13:42:24 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2010/08/31 13:42:16 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2010/08/31 13:42:14 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
    [2010/08/31 13:42:04 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2010/08/31 13:41:57 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2010/08/31 13:41:51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2010/08/31 13:41:51 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2010/08/31 13:41:50 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2010/08/31 13:41:49 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2010/08/31 13:41:48 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2010/08/31 13:41:46 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2010/08/31 13:41:45 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2010/08/31 13:41:45 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2010/08/31 13:41:44 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2010/08/31 13:41:42 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2010/08/31 13:41:40 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2010/08/31 13:41:40 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/08/31 13:41:10 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2010/08/31 13:41:09 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2010/08/31 13:41:08 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2010/08/31 13:41:07 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2010/08/31 13:41:07 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2010/08/31 13:41:06 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2010/08/31 13:41:05 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2010/08/31 13:41:04 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2010/08/31 13:41:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2010/08/31 13:41:03 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2010/08/31 13:41:02 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2010/08/31 13:41:01 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2010/08/31 13:41:00 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2010/08/31 13:40:59 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2010/08/31 13:40:59 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2010/08/31 13:40:58 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2010/08/31 13:40:57 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2010/08/31 13:40:57 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2010/08/31 13:40:46 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2010/08/31 13:40:43 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2010/08/31 13:40:42 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2010/08/31 13:40:41 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2010/08/31 13:40:41 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2010/08/31 13:40:40 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2010/08/31 13:40:39 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2010/08/31 13:40:39 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2010/08/31 13:40:20 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2010/08/31 13:40:18 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2010/08/31 13:40:14 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2010/08/31 13:40:07 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2010/08/31 13:40:06 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2010/08/31 13:40:06 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2010/08/31 13:40:05 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2010/08/31 13:40:05 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2010/08/31 13:40:04 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2010/08/31 13:40:02 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2010/08/31 13:40:01 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2010/08/31 13:40:00 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2010/08/31 13:40:00 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/08/31 13:39:58 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2010/08/31 13:39:58 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2010/08/31 13:39:57 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2010/08/29 02:10:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/27 21:22:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Albert Appalucci\Recent
    [2010/07/27 22:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\jynvehlrm
    [2010/07/26 22:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Application Data\dvdcss
    [2010/07/12 13:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Application Data\vlc
    [2010/06/25 18:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\Conduit
    [2010/06/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\Freecorder
    [2010/06/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/06/25 18:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\My Documents\Freecorder 4
    [2010/06/25 18:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\FLVService
    [2010/06/25 18:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Freecorder
    [2010/06/25 18:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
    [2010/06/20 18:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\My Documents\DivX Movies
    [2010/06/19 20:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\My Documents\Downloads
    [2010/06/19 12:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/06/19 12:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [1980/01/01 02:00:00 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/04 12:05:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Albert Appalucci\Desktop\OTL.exe
    [2010/09/04 11:54:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/09/04 11:54:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/04 11:53:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/09/04 11:53:53 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/04 04:15:27 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\NTUSER.DAT
    [2010/09/04 04:15:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\NTUSER.INI
    [2010/09/04 02:46:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/04 02:45:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/09/04 01:36:41 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2010/09/04 01:23:59 | 003,835,232 | R--- | M] () -- C:\Documents and Settings\Albert Appalucci\Desktop\ComboFix.exe
    [2010/09/04 00:26:50 | 006,617,422 | -H-- | M] () -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\IconCache.db
    [2010/09/04 00:08:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/04 00:06:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\Desktop\MBRCheck.exe
    [2010/09/04 00:05:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\Desktop\hq0g4qrx.exe
    [2010/09/04 00:04:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Albert Appalucci\Desktop\mbam-setup-1.46.exe
    [2010/09/03 02:36:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/09/02 17:05:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\housecall.guid.cache
    [2010/09/02 17:02:22 | 001,870,496 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Albert Appalucci\Desktop\HousecallLauncher.exe
    [2010/09/01 21:47:56 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/09/01 21:47:38 | 000,662,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/09/01 21:47:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/09/01 11:14:37 | 058,486,480 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\setup_ais.exe
    [2010/08/31 05:34:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gyayagifinos.dat
    [2010/08/31 01:51:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dsotalevetec.bin
    [2010/08/10 17:54:33 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/10 17:53:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/28 14:57:51 | 000,000,507 | ---- | M] () -- C:\WINDOWS\WIN.INI
    [2010/07/28 14:57:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/24 11:06:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/07/22 15:48:44 | 000,010,622 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\Folder.jpg
    [2010/07/22 15:48:44 | 000,010,622 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{68F899DA-4948-45F1-9D5E-ED6FB7C38E4B}_Large.jpg
    [2010/07/22 15:48:44 | 000,002,890 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArtSmall.jpg
    [2010/07/22 15:48:44 | 000,002,890 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{68F899DA-4948-45F1-9D5E-ED6FB7C38E4B}_Small.jpg
    [2010/07/22 15:24:35 | 000,011,267 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{DE6B93AE-DA8E-4FAD-B8C0-17292C4BE2A7}_Large.jpg
    [2010/07/22 15:24:35 | 000,002,747 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{DE6B93AE-DA8E-4FAD-B8C0-17292C4BE2A7}_Small.jpg
    [2010/07/21 15:28:23 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\Desktop\FCVideos Application.lnk
    [2010/07/21 14:43:11 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/07/14 21:54:49 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/12 13:46:11 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2010/06/28 16:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/28 16:10:45 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2010/06/19 12:29:33 | 000,375,974 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/06/19 12:29:33 | 000,051,606 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/06/13 20:17:11 | 000,008,982 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{4CCB31B9-86D1-483B-B932-594D5AC81D5A}_Large.jpg
    [2010/06/13 20:17:11 | 000,002,463 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{4CCB31B9-86D1-483B-B932-594D5AC81D5A}_Small.jpg
    [2010/06/13 20:07:40 | 000,011,170 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{F3B9F80B-927A-43C2-AF6E-221D5B5405AB}_Large.jpg
    [2010/06/13 20:07:40 | 000,002,625 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{F3B9F80B-927A-43C2-AF6E-221D5B5405AB}_Small.jpg
    [2010/06/13 01:39:50 | 000,010,985 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{B5D2AD0B-BE2E-40D0-9D1C-146256FFE8FB}_Large.jpg
    [2010/06/13 01:39:50 | 000,002,546 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{B5D2AD0B-BE2E-40D0-9D1C-146256FFE8FB}_Small.jpg
    [2010/06/13 01:30:03 | 000,010,685 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{E2390807-C57D-4DA7-8D3A-A02FF8EB2B69}_Large.jpg
    [2010/06/13 01:30:03 | 000,002,477 | -HS- | M] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{E2390807-C57D-4DA7-8D3A-A02FF8EB2B69}_Small.jpg
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/04 01:36:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/04 01:36:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/04 01:32:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/04 01:32:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/04 01:32:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/04 01:32:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/04 01:32:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/04 01:23:59 | 003,835,232 | R--- | C] () -- C:\Documents and Settings\Albert Appalucci\Desktop\ComboFix.exe
    [2010/09/04 00:08:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/04 00:06:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\Desktop\MBRCheck.exe
    [2010/09/04 00:05:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\Desktop\hq0g4qrx.exe
    [2010/09/02 17:05:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\housecall.guid.cache
    [2010/09/01 21:47:56 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2010/09/01 21:28:20 | 000,662,750 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/09/01 21:13:38 | 1073,000,448 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/01 11:14:29 | 058,486,480 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\setup_ais.exe
    [2010/08/31 14:09:40 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2010/08/31 14:09:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2010/08/31 13:57:12 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2010/08/31 13:57:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2010/08/31 13:52:16 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2010/08/31 13:47:09 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2010/08/31 13:47:03 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2010/08/31 13:46:58 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2010/08/31 13:46:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2010/08/31 13:46:47 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2010/08/31 13:43:35 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2010/08/31 13:43:34 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2010/08/31 13:43:33 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2010/08/31 13:41:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2010/08/31 13:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2010/08/31 13:41:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2010/08/31 13:41:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2010/08/31 13:41:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2010/08/31 13:41:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2010/08/31 13:41:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2010/08/31 13:41:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2010/08/31 13:41:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
    [2010/08/31 13:41:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2010/08/31 13:41:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2010/08/31 13:41:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2010/08/31 13:41:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2010/08/31 13:41:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2010/08/31 13:41:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2010/08/31 13:41:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2010/08/31 13:41:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2010/08/31 13:41:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2010/08/31 13:41:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2010/08/31 13:41:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2010/08/31 13:41:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2010/08/31 13:41:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2010/08/31 13:41:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2010/08/31 13:41:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2010/08/31 13:41:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2010/08/31 13:41:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2010/08/31 13:41:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2010/08/31 13:41:20 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2010/08/31 13:41:20 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2010/08/31 13:41:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2010/08/31 13:41:19 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2010/08/31 13:41:19 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2010/08/31 13:41:19 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2010/08/31 13:41:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2010/08/31 13:41:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2010/08/31 13:41:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2010/08/31 13:41:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2010/08/31 13:41:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2010/08/31 13:41:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2010/08/31 13:41:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2010/08/31 13:41:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2010/08/31 13:41:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2010/08/31 13:41:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2010/08/31 13:41:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2010/08/31 13:41:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2010/08/31 13:41:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2010/08/31 13:41:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2010/08/31 13:40:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/08/31 13:40:32 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/08/31 13:40:32 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/08/31 13:40:31 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/08/31 13:40:30 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/08/31 13:40:30 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/08/31 13:40:29 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/08/31 13:40:29 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/08/31 13:40:27 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/08/31 13:40:22 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/08/28 19:56:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gyayagifinos.dat
    [2010/08/28 19:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dsotalevetec.bin
    [2010/07/22 21:46:44 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\Desktop\FCVideos Application.lnk
    [2010/07/22 15:49:09 | 000,010,622 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{68F899DA-4948-45F1-9D5E-ED6FB7C38E4B}_Large.jpg
    [2010/07/22 15:49:09 | 000,002,890 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{68F899DA-4948-45F1-9D5E-ED6FB7C38E4B}_Small.jpg
    [2010/07/22 15:24:36 | 000,011,267 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{DE6B93AE-DA8E-4FAD-B8C0-17292C4BE2A7}_Large.jpg
    [2010/07/22 15:24:35 | 000,002,747 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{DE6B93AE-DA8E-4FAD-B8C0-17292C4BE2A7}_Small.jpg
    [2010/07/21 14:43:11 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/07/21 14:43:11 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/07/12 13:46:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/06/13 20:17:30 | 000,008,982 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{4CCB31B9-86D1-483B-B932-594D5AC81D5A}_Large.jpg
    [2010/06/13 20:17:12 | 000,002,463 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{4CCB31B9-86D1-483B-B932-594D5AC81D5A}_Small.jpg
    [2010/06/13 20:05:21 | 000,011,170 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{F3B9F80B-927A-43C2-AF6E-221D5B5405AB}_Large.jpg
    [2010/06/13 20:05:21 | 000,002,625 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{F3B9F80B-927A-43C2-AF6E-221D5B5405AB}_Small.jpg
    [2010/06/13 01:39:50 | 000,010,985 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{B5D2AD0B-BE2E-40D0-9D1C-146256FFE8FB}_Large.jpg
    [2010/06/13 01:39:50 | 000,002,546 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{B5D2AD0B-BE2E-40D0-9D1C-146256FFE8FB}_Small.jpg
    [2010/06/13 01:30:03 | 000,010,685 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{E2390807-C57D-4DA7-8D3A-A02FF8EB2B69}_Large.jpg
    [2010/06/13 01:30:03 | 000,002,477 | -HS- | C] () -- C:\Documents and Settings\Albert Appalucci\My Documents\AlbumArt_{E2390807-C57D-4DA7-8D3A-A02FF8EB2B69}_Small.jpg
    [2009/06/12 20:53:22 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/01/07 16:21:25 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
    [2008/01/04 17:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/01/04 17:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2006/05/07 16:46:45 | 000,001,404 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/04/27 10:24:24 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2005/07/14 12:31:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2005/06/21 22:37:42 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
    [2004/11/09 16:42:19 | 000,009,968 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\Application Data\wklnhst.dat
    [2004/11/09 12:22:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/11/08 19:11:10 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/11/02 02:52:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/11/02 02:37:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/11/02 02:28:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/11/02 01:53:20 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/10 15:13:12 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
    [2004/03/26 18:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [1980/01/01 02:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

    ========== LOP Check ==========

    [2006/03/12 12:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Leadertech
    [2008/01/07 16:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Megaupload
    [2010/01/14 00:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\QuickScan
    [2004/12/21 15:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\spweng
    [2007/03/27 13:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Viewpoint
    [2010/06/19 12:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2004/11/09 12:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
    [2010/09/01 23:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2009/06/02 22:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkingSoft
    [2007/03/27 13:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/09/03 09:35:09 | 000,000,604 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/28 14:57:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/09/04 01:36:41 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/09/04 02:58:29 | 000,027,365 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/11/02 02:04:46 | 000,004,089 | RH-- | M] () -- C:\DELL.SDR
    [2008/05/01 13:50:14 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT
    [2010/09/04 11:53:53 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
    [2004/08/10 15:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/11/02 02:35:59 | 000,000,855 | -H-- | M] () -- C:\IPH.PH
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/04/24 15:13:15 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/20 14:26:20 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/09/04 11:53:51 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2004/11/02 02:36:13 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\SYSTEM32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:430C6D84
    < End of report >
     
  20. 2010/09/04
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5643
      O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2010/07/27 22:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Albert Appalucci\Local Settings\Application Data\jynvehlrm
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2010/08/31 05:34:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gyayagifinos.dat
      [2010/08/31 01:51:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dsotalevetec.bin
      [2007/03/27 13:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Albert Appalucci\Application Data\Viewpoint
      [2007/03/27 13:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8
      @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:430C6D84
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
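
Added example, not part of the original posts and not OTL's own logic: a small Python parser for the file-listing and Alternate Data Stream lines in the OTL log above, plus a shortlist query for entries created directly in the Windows folder with no company name inside a chosen time window. The sample lines are copied from this thread's log; the function names, the time window and the shortlist rule are assumptions made for illustration, and the output is a list for human review, not a verdict.

```python
import re
from datetime import datetime
from ntpath import dirname, normcase  # Windows path rules on any host OS

# [date time | size | attrs | C or M] (company) MD5=... -- path
# The company and MD5 fields are optional; directory lines carry neither.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

# Sample lines copied from the log in this thread (a small subset).
SAMPLE = r"""
[2010/09/04 01:32:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/31 13:41:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/08/29 02:10:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/28 19:56:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gyayagifinos.dat
[2010/08/28 19:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dsotalevetec.bin
[2010/06/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/09/04 11:53:53 | 1073,000,448 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
"""


def parse_log(text):
    """Return (files, streams) parsed from OTL log text; other lines are skipped."""
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({
                "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),  # "1073,000,448" -> 1073000448
                "is_dir": "D" in m["attrs"],
                "kind": m["kind"],                        # C = created, M = modified
                "company": (m["company"] or "").strip(),
                "md5": m["md5"],
                "path": m["path"],
            })
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append({
                "host": m["host"],
                "stream": m["stream"],
                "size": int(m["size"]),
            })
    return files, streams


def shortlist(files, start, end, root=r"C:\WINDOWS"):
    """Assumed triage rule: created files with no company name that sit
    directly in `root` (not in a subfolder) and have start <= when < end."""
    hits = [
        f for f in files
        if f["kind"] == "C"
        and not f["is_dir"]
        and not f["company"]
        and start <= f["when"] < end
        and normcase(dirname(f["path"])) == normcase(root)
    ]
    return sorted(hits, key=lambda f: (f["when"], f["path"]))


if __name__ == "__main__":
    files, streams = parse_log(SAMPLE)
    # Hypothetical review window around the week the slowdown started.
    for f in shortlist(files, datetime(2010, 8, 25), datetime(2010, 9, 1)):
        print(f["when"], f["size"], f["path"])
    for s in streams:
        print("ADS", s["size"], s["host"], s["stream"])
```

Entries the shortlist returns still need to be checked by hand against known software on the machine, since tools run during cleanup also drop files with no company name into the same folder.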
     
  21. 2010/09/04
    albert1013

    albert1013 Inactive Thread Starter

    I think I posted the same report twice. I could not find the EXTRAS report. The first time I ran the OTL scan I forgot to paste the custom section to the scan and had to do it twice. On that first scan I got two reports but I deleted them and did the second scan properly but only got one report. Sorry again. This report I sent you in two parts was done properly with the custom details pasted in.
     
