
Solved "Generic Host Process for Win 32 Services", svchost.exe virus

Discussion in 'Malware and Virus Removal Archive' started by RedFOX, 2010/11/05.

  1. 2010/11/05
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    [Resolved] "Generic Host Process for Win 32 Services", svchost.exe virus

    Hey guys,

    I recently posted in the Windows XP forum on this site and got redirected back here after I did some scans and got some logs.

    My problem is that I keep getting the "Generic Host Process for Win32 services has encountered a problem and needs to close" error. My anti-virus software also continuously detects viruses from the process svchost.exe.

    I've done huge amounts of searching, reading and trying solutions but so far, none of them have worked.

    If you could be the one to solve my problem I would be very grateful.

    I have also posted the same sort of problem on the tech support guy forum (http://forums.techguy.org/windows-xp/960396-generic-host-process-win-32-a.html) but no one has replied as of yet.

    Cheers,
    RedFOX

    PS: there are no DDS logs as it wouldn't work.

    LOGS

    MBAM

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5041

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/11/2010 7:24:34 PM
    mbam-log-2010-11-04 (19-24-34).txt

    Scan type: Quick scan
    Objects scanned: 138068
    Time elapsed: 5 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER


    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-04 21:28:24
    Windows 5.1.2600 Service Pack 2
    Running: lec9u22o.exe; Driver: C:\DOCUME~1\Kurt\LOCALS~1\Temp\kfeoqfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA650ECF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA650EBAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA650F160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA650F08A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA650E782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA650EC86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA650E6C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA650E726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA650EDA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA650F22E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA650ED66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA650EEE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA651BBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA651B9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA651BB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056EBBF 5 Bytes JMP A6518FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!NtCreateSection 8056EE25 7 Bytes JMP A651B9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B5EC 7 Bytes JMP A651BBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A9184 5 Bytes JMP A65175D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805AD35E 7 Bytes JMP A651BB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xA8E223A0, 0x5CC259, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0094000A
    .text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0095000A
    .text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0093000C
    .text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 008F000A
    .text C:\WINDOWS\System32\svchost.exe[1396] ole32.dll!CoCreateInstance 7750055E 5 Bytes JMP 00FD000A
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1868] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\WINDOWS\Explorer.EXE[3092] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C6000A
    .text C:\WINDOWS\Explorer.EXE[3092] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C7000A
    .text C:\WINDOWS\Explorer.EXE[3092] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00A0000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 013F000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0140000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 013E000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4012] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
    IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\nvata -> DriverStartIo \Device\NvAta0 8A303292
    Device \Driver\nvata -> DriverStartIo \Device\NvAta1 8A303292
    Device \Device\0000006e -> \??\IDE#DiskWDC_WD1001FALS-00E8B0___________________05.00K05#2020202057202D444D5754413456333134373034#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 132):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x80701000 \WINDOWS\system32\hal.dll
    0x8A345000 \WINDOWS\system32\KDCOM.DLL
    0xF789B000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7627000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF7989000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7637000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7483000 nvata.sys
    0xF7472000 SI3132.sys
    0xF745A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF7647000 disk.sys
    0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF743B000 fltmgr.sys
    0xF7667000 Lbd.sys
    0xF789F000 SiWinAcc.sys
    0xF7870000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7843000 NDIS.sys
    0xF7828000 Mup.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xA8E22000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xA8E0E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xA8DD5000 \SystemRoot\system32\DRIVERS\yk51x86.sys
    0xB103E000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xA8DC1000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB87FC000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xB82FA000 \SystemRoot\system32\drivers\msmpu401.sys
    0xA8D9D000 \SystemRoot\system32\drivers\portcls.sys
    0xF7567000 \SystemRoot\system32\drivers\drmk.sys
    0xA8D7A000 \SystemRoot\system32\drivers\ks.sys
    0xAA86D000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB87EC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xA8D57000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB79C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xA89DD000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xB8390000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8380000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8370000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF77CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB35B3000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xA8993000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xA895C000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xB8061000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8360000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB35AB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xA8945000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8350000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8340000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xA9C4C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xA8934000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8330000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xA97E0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xA97D0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xA8903000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8320000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF774F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79A5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xA88CF000 \SystemRoot\system32\DRIVERS\update.sys
    0xA9843000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8310000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB8300000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF74F7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79AD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB79F5000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF79F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AA8000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79F9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB79D5000 \SystemRoot\System32\drivers\vga.sys
    0xF79FD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB79E5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77C7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB86D4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA66B3000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA665B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF741B000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA663A000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA6612000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF740B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA65F0000 \SystemRoot\System32\drivers\afd.sys
    0xB2E3C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB2E4C000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xA659C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA652D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB2E5C000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA6506000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB79AD000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA64F5000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xA65CC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB23D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB1066000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xAFE6C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA64DE000 \SystemRoot\System32\Drivers\dump_nvata.sys
    0xA992C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF77EF000 \SystemRoot\System32\watchdog.sys
    0xB87E8000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB05C4000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA5914000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA58C0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA5769000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA5584000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAA873000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA54F3000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA53B0000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF780F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA4FDB000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA51B0000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA5018000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    0xA4A23000 \??\C:\DOCUME~1\Kurt\LOCALS~1\Temp\kfeoqfow.sys
    0x9D3AF000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    804 C:\WINDOWS\system32\smss.exe
    864 csrss.exe
    896 C:\WINDOWS\system32\winlogon.exe
    940 C:\WINDOWS\system32\services.exe
    952 C:\WINDOWS\system32\lsass.exe
    1124 C:\WINDOWS\system32\nvsvc32.exe
    1204 C:\WINDOWS\system32\svchost.exe
    1252 svchost.exe
    1396 C:\WINDOWS\system32\svchost.exe
    1460 svchost.exe
    1608 svchost.exe
    1744 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1868 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    264 C:\WINDOWS\system32\spoolsv.exe
    436 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    448 C:\Program Files\Bonjour\mDNSResponder.exe
    548 C:\WINDOWS\system32\svchost.exe
    684 C:\Program Files\Java\jre6\bin\jqs.exe
    748 C:\WINDOWS\system32\PnkBstrA.exe
    796 C:\WINDOWS\system32\PnkBstrB.exe
    844 C:\WINDOWS\system32\svchost.exe
    1476 wmpnetwk.exe
    644 unsecapp.exe
    664 alg.exe
    1644 wmiprvse.exe
    3092 C:\WINDOWS\explorer.exe
    3368 C:\WINDOWS\SOUNDMAN.EXE
    3396 C:\Program Files\iTunes\iTunesHelper.exe
    3408 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3436 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3444 C:\WINDOWS\system32\rundll32.exe
    3476 C:\WINDOWS\system32\ctfmon.exe
    3592 C:\Program Files\iPod\bin\iPodService.exe
    3748 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    3772 C:\Program Files\Mozilla Firefox\firefox.exe
    4012 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2484 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    656 C:\Documents and Settings\Kurt\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1001FALS-00E8B0, Rev: 05.00K05

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
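    The GMER "User code sections" block above is the part of these logs that matters most for the svchost.exe question: each line is an inline hook GMER found in a user-mode process, and when GMER can resolve the JMP target to a loaded module it appends that module's path and vendor (as it does for the firefox.exe and xul.dll hooks), while a bare target address means the detour lands in memory that belongs to no loaded module. The following Python triage is an added example, not code from this thread or from GMER; it assumes GMER's line layout exactly as printed above, and its sample input is copied from the log in this post. It separates attributed from unattributed detours and then lists the unattributed ones that occur in only one process, because unattributed hooks that show up in every process are usually a security product (here avast! or Ad-Aware) injecting itself everywhere, whereas a hook unique to one process is what a responder wants to look at first. It is a triage aid, not a verdict.

```python
"""Triage of GMER '---- User code sections ----' lines (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the user-mode hook lines copied from the GMER log
# posted in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0095000A
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0093000C
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 008F000A
.text C:\WINDOWS\System32\svchost.exe[1396] ole32.dll!CoCreateInstance 7750055E 5 Bytes JMP 00FD000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1868] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[3092] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C6000A
.text C:\WINDOWS\Explorer.EXE[3092] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[3092] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00A0000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 013F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0140000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 013E000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3772] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4012] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# One GMER user-mode hook line: section, process[pid], module!function,
# hooked address, patch length, then either "JMP <target> [owner]" or raw bytes.
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<function>\S+) "
    r"(?P<address>[0-9A-Fa-f]+) (?P<size>\d+) Bytes (?P<rest>.*)$"
)
# A detour; GMER appends the owning module after the target when it can resolve it.
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-Fa-f]+)\s*(?P<owner>.*)$")


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    function: str
    kind: str                   # "jmp" (detour) or "bytes" (in-place patch)
    target: Optional[str]       # JMP destination, if the hook is a detour
    attribution: Optional[str]  # module GMER resolved the target to, if any


def parse_gmer_hooks(text: str) -> list:
    """Parse every '.text' hook line; lines in any other layout are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        jmp = JMP_RE.match(m.group("rest"))
        if jmp:
            kind, target = "jmp", jmp.group("target")
            attribution = jmp.group("owner").strip() or None
        else:
            kind, target, attribution = "bytes", None, None
        hooks.append(Hook(m.group("process"), int(m.group("pid")),
                          m.group("module"), m.group("function"),
                          kind, target, attribution))
    return hooks


def unattributed_hooks(hooks: list) -> list:
    """Detours whose target GMER could not tie to any loaded module."""
    return [h for h in hooks if h.kind == "jmp" and h.attribution is None]


def unique_unattributed(hooks: list) -> list:
    """Unattributed detours on a function that is hooked in only one process.

    A hook present in every process is most often a security product's own
    injection; a hook seen in a single process deserves the first look.
    """
    pids_by_func = defaultdict(set)
    for h in unattributed_hooks(hooks):
        pids_by_func[(h.module.lower(), h.function)].add(h.pid)
    return [h for h in unattributed_hooks(hooks)
            if len(pids_by_func[(h.module.lower(), h.function)]) == 1]


def triage(text: str) -> dict:
    """Summarise a GMER user-code block into the buckets a responder cares about."""
    hooks = parse_gmer_hooks(text)
    return {
        "total": len(hooks),
        "attributed": [h for h in hooks if h.attribution],
        "unattributed": unattributed_hooks(hooks),
        "unique_unattributed": unique_unattributed(hooks),
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['total']} hook lines, {len(r['unattributed'])} detours without module attribution")
    for h in r["unique_unattributed"]:
        print(f"  look first: {h.process}[{h.pid}] {h.module}!{h.function} -> {h.target}")
```

Run against the log above, the three ntdll.dll hooks are shared by svchost.exe, Explorer.EXE and firefox.exe and so fall out of the "look first" list, while the GetCursorPos and CoCreateInstance detours exist only in svchost.exe[1396] and are the two hooks this script reports. Confirming what sits at those target addresses (a memory dump of the process, or the results of the later TDSSKiller scan) is the next step; the script only orders the work.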
     
  4. 2010/11/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)
    We still need DDS logs.
     
  5. 2010/11/05
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    When I go and run DDS, it does the scan, then I get the BSOD, which results in my computer crashing and restarting.
     
  6. 2010/11/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2010/11/05
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    Ok, so here is the log from the TDSSKiller scan.

    2010/11/06 09:02:49.0203 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
    2010/11/06 09:02:49.0203 ================================================================================
    2010/11/06 09:02:49.0203 SystemInfo:
    2010/11/06 09:02:49.0203
    2010/11/06 09:02:49.0203 OS Version: 5.1.2600 ServicePack: 2.0
    2010/11/06 09:02:49.0203 Product type: Workstation
    2010/11/06 09:02:49.0203 ComputerName: KURT-CF6A65E8DE
    2010/11/06 09:02:49.0203 UserName: Kurt
    2010/11/06 09:02:49.0203 Windows directory: C:\WINDOWS
    2010/11/06 09:02:49.0203 System windows directory: C:\WINDOWS
    2010/11/06 09:02:49.0203 Processor architecture: Intel x86
    2010/11/06 09:02:49.0203 Number of processors: 2
    2010/11/06 09:02:49.0203 Page size: 0x1000
    2010/11/06 09:02:49.0203 Boot type: Normal boot
    2010/11/06 09:02:49.0203 ================================================================================
    2010/11/06 09:02:49.0578 Initialize success
    2010/11/06 09:03:05.0015 ================================================================================
    2010/11/06 09:03:05.0015 Scan started
    2010/11/06 09:03:05.0015 Mode: Manual;
    2010/11/06 09:03:05.0015 ================================================================================
    2010/11/06 09:03:05.0468 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/11/06 09:03:05.0859 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/06 09:03:06.0031 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/06 09:03:06.0296 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/06 09:03:06.0500 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/06 09:03:07.0765 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2010/11/06 09:03:08.0656 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/11/06 09:03:09.0109 Asushwio (de91d0d73c3e61e6826d98fac2fac729) C:\WINDOWS\system32\drivers\Asushwio.sys
    2010/11/06 09:03:09.0218 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/11/06 09:03:09.0359 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/11/06 09:03:09.0484 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/11/06 09:03:09.0625 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/11/06 09:03:09.0750 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/11/06 09:03:09.0859 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/06 09:03:09.0984 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/06 09:03:10.0250 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/06 09:03:10.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/06 09:03:10.0625 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/06 09:03:10.0750 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/06 09:03:10.0968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/06 09:03:11.0093 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/06 09:03:11.0218 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/06 09:03:11.0890 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/06 09:03:12.0187 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/06 09:03:12.0484 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/06 09:03:12.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/06 09:03:12.0750 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/06 09:03:12.0984 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/06 09:03:13.0156 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/06 09:03:13.0281 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/06 09:03:13.0421 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/06 09:03:13.0531 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/06 09:03:13.0671 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/06 09:03:13.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/06 09:03:13.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/06 09:03:14.0062 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2010/11/06 09:03:14.0187 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/06 09:03:14.0296 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/06 09:03:14.0421 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/06 09:03:14.0718 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/06 09:03:15.0125 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/06 09:03:15.0234 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/06 09:03:15.0593 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/06 09:03:15.0734 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/06 09:03:15.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/06 09:03:15.0953 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/06 09:03:16.0093 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/06 09:03:16.0250 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/06 09:03:16.0375 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/06 09:03:16.0515 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/06 09:03:16.0640 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/06 09:03:16.0828 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/06 09:03:17.0015 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/06 09:03:17.0093 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2010/11/06 09:03:17.0218 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    2010/11/06 09:03:17.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/06 09:03:17.0640 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/06 09:03:17.0765 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/06 09:03:17.0890 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/06 09:03:18.0015 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/06 09:03:18.0265 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/06 09:03:18.0500 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/06 09:03:18.0703 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/06 09:03:18.0843 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/06 09:03:18.0953 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/06 09:03:19.0078 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/06 09:03:19.0187 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/06 09:03:19.0312 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
    2010/11/06 09:03:19.0437 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2010/11/06 09:03:19.0578 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/06 09:03:19.0734 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/06 09:03:19.0906 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/06 09:03:20.0015 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/06 09:03:20.0140 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/06 09:03:20.0281 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/06 09:03:20.0390 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/06 09:03:20.0562 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/06 09:03:20.0734 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/11/06 09:03:20.0859 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/06 09:03:21.0078 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/06 09:03:21.0328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/06 09:03:23.0453 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/06 09:03:25.0265 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
    2010/11/06 09:03:25.0375 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/11/06 09:03:25.0500 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/11/06 09:03:25.0625 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/06 09:03:25.0750 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/06 09:03:25.0875 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/11/06 09:03:26.0031 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/06 09:03:26.0140 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/06 09:03:26.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/06 09:03:26.0390 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/06 09:03:26.0625 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/06 09:03:26.0750 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/06 09:03:27.0593 PnkBstrK (4804b7e3cf2880fe31ccfff440c762a8) C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2010/11/06 09:03:27.0703 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/06 09:03:27.0828 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/06 09:03:27.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/06 09:03:28.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/06 09:03:28.0703 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/06 09:03:28.0828 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/06 09:03:28.0953 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/06 09:03:29.0125 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/06 09:03:29.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/06 09:03:29.0421 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/06 09:03:29.0625 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/06 09:03:29.0781 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/06 09:03:29.0953 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/06 09:03:30.0093 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/06 09:03:30.0218 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/06 09:03:30.0343 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/06 09:03:30.0500 SI3132 (9604998d0c578608151b6e59266fcae1) C:\WINDOWS\system32\DRIVERS\SI3132.sys
    2010/11/06 09:03:30.0609 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    2010/11/06 09:03:30.0953 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/06 09:03:31.0109 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/06 09:03:31.0312 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/06 09:03:31.0500 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/06 09:03:31.0625 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/06 09:03:32.0171 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/06 09:03:32.0375 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/06 09:03:32.0562 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/06 09:03:32.0671 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/06 09:03:33.0062 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/06 09:03:33.0328 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/06 09:03:33.0609 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/06 09:03:33.0796 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/11/06 09:03:33.0921 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/06 09:03:34.0046 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/06 09:03:34.0171 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/11/06 09:03:34.0328 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/06 09:03:34.0468 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/06 09:03:34.0578 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/06 09:03:34.0828 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/06 09:03:34.0937 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/06 09:03:35.0171 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/06 09:03:35.0375 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/06 09:03:35.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/06 09:03:35.0875 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    2010/11/06 09:03:35.0953 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/06 09:03:35.0953 ================================================================================
    2010/11/06 09:03:35.0953 Scan finished
    2010/11/06 09:03:35.0953 ================================================================================
    2010/11/06 09:03:35.0968 Detected object count: 1
    2010/11/06 09:04:14.0906 \HardDisk0 - will be cured after reboot
    2010/11/06 09:04:14.0906 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/11/06 09:04:17.0421 Deinitialize success
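The log above is the clearest evidence in the thread: TDSSKiller found Rootkit.Win32.TDSS.tdl4 on \HardDisk0, i.e. in the boot sector rather than in any of the listed driver files, which is why file-based scanners kept flagging svchost.exe without finding a file to remove. As an added example (not from the thread, and not part of TDSSKiller or any tool named here), the following Python parses this log format into structured records so that a responder can triage it programmatically: it separates the driver inventory (name, MD5, path) from the detection, pending-reboot and user-action lines, checks that the tool's own "Detected object count" agrees with what was parsed, and compares driver hashes against a baseline. The sample log is constructed from lines in this post; the baseline hash table is an assumption about how one would use the listing (TDSSKiller publishes no such baseline), with one deliberately wrong entry to show the check firing.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format quoted in this post: two of the
# driver lines plus the detection and summary lines, copied as they appear above.
SAMPLE_LOG = r"""
2010/11/06 09:03:32.0375 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/06 09:03:35.0875 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/11/06 09:03:35.0953 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/06 09:03:35.0953 ================================================================================
2010/11/06 09:03:35.0953 Scan finished
2010/11/06 09:03:35.0968 Detected object count: 1
2010/11/06 09:04:14.0906 \HardDisk0 - will be cured after reboot
2010/11/06 09:04:14.0906 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/06 09:04:17.0421 Deinitialize success
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff "; the remainder decides the record type.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r"(?P<target>\S+) - detected (?P<threat>\S+) \((?P<flags>\d+)\)$")
PENDING_RE = re.compile(TS + r"(?P<target>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"(?P<threat>[^(\s]+)\((?P<target>[^)]+)\) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str

@dataclass
class Detection:
    target: str   # object the tool flagged, e.g. \HardDisk0 (the boot sector of disk 0)
    threat: str   # detection name, e.g. Rootkit.Win32.TDSS.tdl4

@dataclass
class Action:
    threat: str
    target: str
    action: str   # what the user chose in the tool: Cure, Skip, ...

@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    actions: List[Action] = field(default_factory=list)
    pending_reboot: List[str] = field(default_factory=list)
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """Turn a TDSSKiller log into structured records; lines of unknown shape are ignored."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            report.drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
        elif m := DETECT_RE.match(line):
            report.detections.append(Detection(m["target"], m["threat"]))
        elif m := PENDING_RE.match(line):
            report.pending_reboot.append(m["target"])
        elif m := ACTION_RE.match(line):
            report.actions.append(Action(m["threat"], m["target"], m["action"]))
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m["n"])
    return report


def count_consistent(report: Report) -> bool:
    """True when the tool's own 'Detected object count' equals the detections we parsed.
    A mismatch means the log has a detection line shape this parser does not recognise."""
    return report.detected_count is None or report.detected_count == len(report.detections)


def drivers_with_unexpected_hash(report: Report, baseline: Dict[str, str]) -> List[Driver]:
    """Drivers whose MD5 differs from a trusted baseline keyed by service name.
    The baseline is the caller's (assumed: hashes from a known-clean install of the same
    patch level); drivers absent from the baseline are not reported."""
    return [d for d in report.drivers
            if d.name in baseline and d.md5 != baseline[d.name].lower()]


def triage(report: Report) -> List[str]:
    """One-line findings a responder would read first."""
    findings = []
    for det in report.detections:
        chosen = next((a.action for a in report.actions
                       if a.target == det.target and a.threat == det.threat), "no action recorded")
        reboot = " (cure pending reboot)" if det.target in report.pending_reboot else ""
        findings.append(f"{det.threat} on {det.target}: {chosen}{reboot}")
    if not count_consistent(report):
        findings.append("detected-object count disagrees with parsed detections; inspect log manually")
    return findings
```

Run `triage(parse_tdsskiller_log(SAMPLE_LOG))` to get the single finding for this log. The "pending reboot" flag matters operationally: a boot-sector cure is only applied on restart, which is why the next step in the thread is to confirm the machine behaves normally afterwards before continuing.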
     
  8. 2010/11/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    See, if you can run DDS now.
     
  9. 2010/11/05
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    Unfortunately, it did not work.
     
  10. 2010/11/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    NOTE.
    If, for some reason, Combofix refuses to run, try the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/11/05
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    Here is the ComboFix log.




    ComboFix 10-11-05.05 - Kurt 06/11/2010 14:38:01.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1568 [GMT 10:00]
    Running from: c:\documents and settings\Kurt\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
    .

    2010-11-05 23:52 . 2010-11-05 23:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
    2010-11-05 23:52 . 2010-11-05 23:52 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\NVIDIA Corporation
    2010-11-05 23:51 . 2010-11-05 23:51 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
    2010-10-31 02:04 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 02:04 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 01:24 . 2010-10-31 01:24 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\AVG Security Toolbar
    2010-10-30 23:08 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-30 23:08 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-30 23:08 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-30 23:08 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-30 23:08 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-30 23:08 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-30 23:08 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-30 23:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-30 23:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-30 07:57 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-10-30 06:29 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-10-30 06:29 . 2010-11-05 11:02 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-30 06:26 . 2010-10-30 06:26 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Sunbelt Software
    2010-10-30 06:24 . 2010-10-30 06:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-10-30 06:23 . 2010-10-30 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-10-30 06:23 . 2010-10-30 06:23 -------- d-----w- c:\program files\Lavasoft
    2010-10-30 05:44 . 2010-11-05 13:30 -------- d-----w- c:\program files\Svchost Fix Wizard
    2010-10-30 05:44 . 2009-04-16 04:13 81920 ----a-w- c:\windows\eSellerateControl350.dll
    2010-10-30 05:44 . 2009-04-16 04:13 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2010-10-30 03:05 . 2010-10-30 03:05 -------- d-----w- C:\$AVG
    2010-10-30 00:22 . 2010-10-31 02:15 -------- d--h--w- c:\windows\$hf_mig$
    2010-10-29 22:58 . 2010-10-29 22:58 -------- d-----w- c:\documents and settings\Kurt\Application Data\AVG10
    2010-10-29 22:55 . 2010-10-29 22:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-10-29 22:47 . 2010-10-29 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-29 11:54 . 2010-10-29 11:54 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Activision
    2010-10-29 11:42 . 2010-10-29 11:42 682280 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-27 07:26 . 2010-10-27 07:26 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-10-27 07:01 . 2010-10-27 07:01 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-10-24 10:31 . 2010-10-24 10:31 -------- d-----w- c:\documents and settings\Kurt\Application Data\TuneUp Software
    2010-10-24 10:31 . 2010-10-24 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2010-10-24 10:31 . 2010-10-24 10:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-10-23 08:25 . 2010-10-23 08:25 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-23 07:50 . 2010-10-23 07:50 -------- d-----w- c:\documents and settings\Kurt\Application Data\Malwarebytes
    2010-10-23 07:50 . 2010-10-31 02:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-23 07:50 . 2010-10-23 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-20 07:00 . 2010-10-23 08:25 -------- d-----w- c:\program files\PowerISO
    2010-10-20 06:42 . 2010-10-23 08:25 -------- d-----w- c:\documents and settings\Kurt\Application Data\DAEMON Tools Pro
    2010-10-20 06:42 . 2010-10-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2010-10-17 10:35 . 2010-10-17 10:35 -------- d-----w- c:\documents and settings\Kurt\Application Data\Red Kawa
    2010-10-17 09:57 . 2010-10-17 09:57 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Geckofx
    2010-10-17 09:55 . 2010-10-17 09:55 -------- d-----w- c:\program files\Regensoft
    2010-10-17 09:55 . 2010-10-17 09:55 -------- d-----w- c:\program files\AviSynth 2.5
    2010-10-17 09:55 . 2010-10-17 09:57 -------- d-----w- c:\program files\Red Kawa
    2010-10-17 09:40 . 2010-10-17 09:40 -------- d-----w- C:\YouTubeDownload
    2010-10-17 09:40 . 2010-10-17 09:40 -------- d-----w- C:\ConverterOutput
    2010-10-17 09:39 . 2003-03-30 10:08 372736 ----a-w- c:\windows\system32\xvid.ax
    2010-10-17 09:39 . 2003-03-18 12:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2010-10-17 09:39 . 2010-10-17 09:39 -------- d-----w- c:\program files\Cucusoft
    2010-10-17 08:06 . 2010-10-17 08:06 -------- d-----w- c:\windows\Sun
    2010-10-16 02:04 . 2010-10-16 02:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-10-16 02:04 . 2010-10-16 02:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-10-16 02:04 . 2010-10-16 02:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 02:04 . 2010-10-16 02:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-16 02:04 . 2010-10-16 02:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-10-16 02:04 . 2010-10-16 02:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-10-10 10:37 . 2010-10-10 10:37 -------- d-----w- c:\windows\ServicePackFiles
    2010-10-10 08:19 . 2010-11-05 13:45 215152 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-10 08:12 . 2010-10-30 00:39 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\PunkBuster
    2010-10-10 07:58 . 2010-10-10 07:58 -------- d-----w- c:\windows\system32\XPSViewer
    2010-10-10 07:58 . 2010-10-10 07:58 -------- d-----w- c:\program files\Reference Assemblies
    2010-10-10 07:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-10-10 07:57 . 2010-10-10 07:57 -------- d-----w- C:\fbcfde3366dcc88be3272bba
    2010-10-10 07:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-10-10 07:57 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-10-10 07:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-10-10 07:57 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-10-10 07:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-10-10 07:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-10-10 07:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-10-10 07:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-10-10 07:55 . 2010-10-10 07:55 -------- d-----w- c:\program files\MSXML 6.0
    2010-10-10 03:37 . 2010-10-10 03:38 -------- d-----w- c:\program files\GameSpy Arcade
    2010-10-10 03:32 . 2010-10-21 07:59 -------- d-----w- c:\program files\EA GAMES
    2010-10-10 03:32 . 2004-10-21 16:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2010-10-10 03:32 . 2004-10-21 16:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2010-10-10 03:32 . 2004-10-21 16:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2010-10-10 03:32 . 2004-10-21 16:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2010-10-10 03:32 . 2004-10-21 16:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2010-10-10 03:32 . 2010-10-10 03:32 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2010-10-10 03:32 . 2010-10-10 03:32 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2010-10-09 11:14 . 2010-10-09 11:14 -------- d-----w- c:\windows\system32\URTTemp
    2010-10-09 10:45 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-10-09 10:03 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-09 10:03 . 2010-10-09 10:03 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-10-09 10:02 . 2010-10-09 10:03 -------- d-----w- c:\windows\system32\drivers\UMDF
    2010-10-09 10:02 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-10-09 09:43 . 2009-06-25 03:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-10-09 07:55 . 2010-11-05 13:44 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-09 07:55 . 2010-10-29 11:43 22328 ----a-w- c:\documents and settings\Kurt\Application Data\PnkBstrK.sys
    2010-10-09 07:55 . 2010-11-05 13:44 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-09 07:55 . 2010-10-10 08:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-10-09 07:55 . 2010-10-10 02:52 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-09 07:42 . 2010-10-29 11:29 -------- d-----w- c:\program files\Activision
    2010-10-09 07:39 . 2010-10-09 07:39 -------- d-sh--w- c:\windows\ftpcache
    2010-10-09 04:22 . 2010-10-29 11:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-10-09 04:22 . 2010-10-29 11:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2010-10-09 04:11 . 2010-10-10 10:28 -------- d-----w- c:\documents and settings\Kurt\Application Data\vlc
    2010-10-09 04:07 . 2010-10-09 04:07 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\WMTools Downloaded Files
    2010-10-09 01:46 . 2010-10-09 01:46 -------- d-----w- c:\windows\Logs
    2010-10-09 01:38 . 2010-10-30 05:53 -------- d-----w- c:\program files\Steam
    2010-10-08 11:36 . 2010-10-08 11:36 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-08 11:35 . 2010-10-08 11:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-10-08 11:35 . 2010-10-27 21:53 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Adobe
    2010-10-08 11:35 . 2010-10-08 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-16 18:55 . 2010-10-03 05:12 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-10-16 18:55 . 2010-10-03 05:12 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-10-05 08:03 . 2010-10-05 08:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-05 08:03 . 2010-10-05 08:03 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Kurt^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Kurt\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 14:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-10-09 01:39 1242448 ----a-w- c:\program files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/10/2010 4:29 PM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/10/2010 9:08 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/10/2010 9:08 AM 17744]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/09/2010 5:46 PM 1375992]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/09/2010 5:46 PM 15264]
    S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [3/10/2010 1:18 PM 5824]
    S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 11:02]

    2010-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Kurt\Application Data\Mozilla\Firefox\Profiles\s1j1yhg7.default\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-06 14:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-11-06 14:44:15
    ComboFix-quarantined-files.txt 2010-11-06 04:44

    Pre-Run: 764,101,152,768 bytes free
    Post-Run: 764,069,310,464 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 8C8C7BCDEB42196C2651DE5F59F57A89
     
  12. 2010/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure why DDS won't run, since the Combofix log doesn't look bad....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    C:\$AVG
    c:\documents and settings\Kurt\Application Data\AVG10
    
    
    Driver::
    AVGIDSShim
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. 2010/11/06
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    Here is the second ComboFix log.

    I would also just like to say that I appreciate all the help you're giving me so far. I understand you guys are volunteers and I think it's great that you do this for people.
    And no, I'm not trying to kiss ass. :)


    ComboFix 10-11-05.05 - Kurt 06/11/2010 16:16:13.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1569 [GMT 10:00]
    Running from: c:\documents and settings\Kurt\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kurt\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$AVG
    c:\$avg\$VAULT\V_00000001.fil
    c:\$avg\$VAULT\V_00000002.fil
    c:\$avg\$VAULT\V_00000003.fil
    c:\$avg\$VAULT\V_00000004.fil
    c:\$avg\$VAULT\V_00000005.fil
    c:\$avg\$VAULT\vvfolder.idx
    c:\documents and settings\Kurt\.exe
    c:\documents and settings\Kurt\Application Data\AVG10
    c:\documents and settings\Kurt\Application Data\AVG10\cfgall\usergui.cfg

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AVGIDSSHIM
    -------\Service_AVGIDSShim


    ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
    .

    2010-11-05 23:52 . 2010-11-05 23:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
    2010-11-05 23:52 . 2010-11-05 23:52 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\NVIDIA Corporation
    2010-11-05 23:51 . 2010-11-05 23:51 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
    2010-10-31 02:04 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 02:04 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 01:24 . 2010-10-31 01:24 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\AVG Security Toolbar
    2010-10-30 23:08 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-30 23:08 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-30 23:08 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-30 23:08 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-30 23:08 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-30 23:08 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-30 23:08 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-30 23:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-30 23:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-30 07:57 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-10-30 06:29 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-10-30 06:29 . 2010-11-05 11:02 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-30 06:26 . 2010-10-30 06:26 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Sunbelt Software
    2010-10-30 06:24 . 2010-10-30 06:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-10-30 06:23 . 2010-10-30 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-10-30 06:23 . 2010-10-30 06:23 -------- d-----w- c:\program files\Lavasoft
    2010-10-30 05:44 . 2010-11-05 13:30 -------- d-----w- c:\program files\Svchost Fix Wizard
    2010-10-30 05:44 . 2009-04-16 04:13 81920 ----a-w- c:\windows\eSellerateControl350.dll
    2010-10-30 05:44 . 2009-04-16 04:13 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2010-10-30 00:22 . 2010-10-31 02:15 -------- d--h--w- c:\windows\$hf_mig$
    2010-10-29 22:55 . 2010-10-29 22:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-10-29 22:47 . 2010-10-29 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-29 11:54 . 2010-10-29 11:54 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Activision
    2010-10-29 11:42 . 2010-10-29 11:42 682280 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-27 07:26 . 2010-10-27 07:26 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-10-27 07:01 . 2010-10-27 07:01 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-10-24 10:31 . 2010-10-24 10:31 -------- d-----w- c:\documents and settings\Kurt\Application Data\TuneUp Software
    2010-10-24 10:31 . 2010-10-24 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2010-10-24 10:31 . 2010-10-24 10:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-10-23 08:25 . 2010-10-23 08:25 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-23 07:50 . 2010-10-23 07:50 -------- d-----w- c:\documents and settings\Kurt\Application Data\Malwarebytes
    2010-10-23 07:50 . 2010-10-31 02:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-23 07:50 . 2010-10-23 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-20 07:00 . 2010-10-23 08:25 -------- d-----w- c:\program files\PowerISO
    2010-10-20 06:42 . 2010-10-23 08:25 -------- d-----w- c:\documents and settings\Kurt\Application Data\DAEMON Tools Pro
    2010-10-20 06:42 . 2010-10-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2010-10-17 10:35 . 2010-10-17 10:35 -------- d-----w- c:\documents and settings\Kurt\Application Data\Red Kawa
    2010-10-17 09:57 . 2010-10-17 09:57 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Geckofx
    2010-10-17 09:55 . 2010-10-17 09:55 -------- d-----w- c:\program files\Regensoft
    2010-10-17 09:55 . 2010-10-17 09:55 -------- d-----w- c:\program files\AviSynth 2.5
    2010-10-17 09:55 . 2010-10-17 09:57 -------- d-----w- c:\program files\Red Kawa
    2010-10-17 09:40 . 2010-10-17 09:40 -------- d-----w- C:\YouTubeDownload
    2010-10-17 09:40 . 2010-10-17 09:40 -------- d-----w- C:\ConverterOutput
    2010-10-17 09:39 . 2003-03-30 10:08 372736 ----a-w- c:\windows\system32\xvid.ax
    2010-10-17 09:39 . 2003-03-18 12:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2010-10-17 09:39 . 2010-10-17 09:39 -------- d-----w- c:\program files\Cucusoft
    2010-10-17 08:06 . 2010-10-17 08:06 -------- d-----w- c:\windows\Sun
    2010-10-16 02:04 . 2010-10-16 02:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-10-16 02:04 . 2010-10-16 02:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-10-16 02:04 . 2010-10-16 02:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 02:04 . 2010-10-16 02:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-16 02:04 . 2010-10-16 02:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-10-16 02:04 . 2010-10-16 02:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-10-10 10:37 . 2010-10-10 10:37 -------- d-----w- c:\windows\ServicePackFiles
    2010-10-10 08:19 . 2010-11-05 13:45 215152 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-10 08:12 . 2010-10-30 00:39 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\PunkBuster
    2010-10-10 07:58 . 2010-10-10 07:58 -------- d-----w- c:\windows\system32\XPSViewer
    2010-10-10 07:58 . 2010-10-10 07:58 -------- d-----w- c:\program files\Reference Assemblies
    2010-10-10 07:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-10-10 07:57 . 2010-10-10 07:57 -------- d-----w- C:\fbcfde3366dcc88be3272bba
    2010-10-10 07:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-10-10 07:57 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-10-10 07:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-10-10 07:57 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-10-10 07:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-10-10 07:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-10-10 07:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-10-10 07:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-10-10 07:55 . 2010-10-10 07:55 -------- d-----w- c:\program files\MSXML 6.0
    2010-10-10 03:37 . 2010-10-10 03:38 -------- d-----w- c:\program files\GameSpy Arcade
    2010-10-10 03:32 . 2010-10-21 07:59 -------- d-----w- c:\program files\EA GAMES
    2010-10-10 03:32 . 2004-10-21 16:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2010-10-10 03:32 . 2004-10-21 16:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2010-10-10 03:32 . 2004-10-21 16:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2010-10-10 03:32 . 2004-10-21 16:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2010-10-10 03:32 . 2004-10-21 16:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2010-10-10 03:32 . 2010-10-10 03:32 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2010-10-10 03:32 . 2010-10-10 03:32 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2010-10-09 11:14 . 2010-10-09 11:14 -------- d-----w- c:\windows\system32\URTTemp
    2010-10-09 10:45 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-10-09 10:03 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-09 10:03 . 2010-10-09 10:03 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-10-09 10:02 . 2010-10-09 10:03 -------- d-----w- c:\windows\system32\drivers\UMDF
    2010-10-09 10:02 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-10-09 09:43 . 2009-06-25 03:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    2010-10-09 07:55 . 2010-11-05 13:44 137200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-09 07:55 . 2010-10-29 11:43 22328 ----a-w- c:\documents and settings\Kurt\Application Data\PnkBstrK.sys
    2010-10-09 07:55 . 2010-11-05 13:44 215152 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-09 07:55 . 2010-10-10 08:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-10-09 07:55 . 2010-10-10 02:52 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-09 07:42 . 2010-10-29 11:29 -------- d-----w- c:\program files\Activision
    2010-10-09 07:39 . 2010-10-09 07:39 -------- d-sh--w- c:\windows\ftpcache
    2010-10-09 04:22 . 2010-10-29 11:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-10-09 04:22 . 2010-10-29 11:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2010-10-09 04:11 . 2010-10-10 10:28 -------- d-----w- c:\documents and settings\Kurt\Application Data\vlc
    2010-10-09 04:07 . 2010-10-09 04:07 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\WMTools Downloaded Files
    2010-10-09 01:46 . 2010-10-09 01:46 -------- d-----w- c:\windows\Logs
    2010-10-09 01:38 . 2010-10-30 05:53 -------- d-----w- c:\program files\Steam
    2010-10-08 11:36 . 2010-10-08 11:36 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-08 11:35 . 2010-10-08 11:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-10-08 11:35 . 2010-10-27 21:53 -------- d-----w- c:\documents and settings\Kurt\Local Settings\Application Data\Adobe
    2010-10-08 11:35 . 2010-10-08 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-16 18:55 . 2010-10-03 05:12 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-10-16 18:55 . 2010-10-03 05:12 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-10-05 08:03 . 2010-10-05 08:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-05 08:03 . 2010-10-05 08:03 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-11-06_04.42.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-06 06:23 . 2010-11-06 06:23 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
    + 2010-11-06 06:23 . 2010-11-06 06:23 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
    + 2010-10-31 09:59 . 2010-11-06 04:55 240592 c:\windows\system32\nvdrsdb1.bin
    - 2010-10-31 09:59 . 2010-10-31 09:59 240592 c:\windows\system32\nvdrsdb1.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Kurt^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Kurt\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 14:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-10-09 01:39 1242448 ----a-w- c:\program files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/10/2010 4:29 PM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/10/2010 9:08 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/10/2010 9:08 AM 17744]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/09/2010 5:46 PM 1375992]
    S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [3/10/2010 1:18 PM 5824]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/09/2010 5:46 PM 15264]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 11:02]

    2010-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Kurt\Application Data\Mozilla\Firefox\Profiles\s1j1yhg7.default\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-06 17:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(264)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-06 17:23:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-06 07:23
    ComboFix2.txt 2010-11-06 04:44

    Pre-Run: 764,042,133,504 bytes free
    Post-Run: 763,946,852,352 bytes free

    - - End Of File - - 81A031C2867DEDA9A496E5E5F49C6E68
     
  14. 2010/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hahahaha....

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2010/11/06
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    My computer is actually running pretty good at the moment.
    I'm currently doing some things on the internet (other than posting), so the real test will be in the next 30 mins if I get a virus alert from avast! about svchost.exe.

    My new problem is my games freeze up when I play them for 5 mins. I had this problem at the start of the year and I know it's got something to do with my GPU overheating or something to do with the memory. But that's another problem for another time. :)
     
  16. 2010/11/06
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    It didn't open an Extras.txt log?

    OTL Log

    OTL logfile created on: 7/11/2010 12:52:22 PM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kurt\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 710.98 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 3.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 482.74 Mb Total Space | 170.06 Mb Free Space | 35.23% Space Free | Partition Type: FAT32

    Computer Name: KURT-CF6A65E8DE | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Kurt\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Kurt\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
    DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
    DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (Asushwio) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS ()
    DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 21:56:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 21:56:27 | 000,000,000 | ---D | M]

    [2010/10/05 18:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Mozilla\Extensions
    [2010/10/05 18:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/11/06 23:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Mozilla\Firefox\Profiles\s1j1yhg7.default\extensions
    [2010/10/03 22:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Mozilla\Firefox\Profiles\s1j1yhg7.default\extensions\personas@christopher.beard
    [2010/11/06 23:53:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/06 17:20:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 210.15.254.240 210.15.254.241
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kurt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kurt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/03 12:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/06/12 12:27:33 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - vct3216.acm File not found
    Drivers32: MSVideo - vfwwdm32.dll File not found
    Drivers32: MSVideo8 - VfWWDM32.dll File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - DivX.dll File not found
    Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
    Drivers32: VIDC.FPS1 - frapsvid.dll File not found
    Drivers32: vidc.I420 - i420vfw.dll File not found
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MSUD - msulvc05.dll File not found
    Drivers32: VIDC.VP40 - vp4vfw.dll File not found
    Drivers32: vidc.VP60 - vp6vfw.dll File not found
    Drivers32: vidc.VP61 - vp6vfw.dll File not found
    Drivers32: vidc.VP62 - vp6vfw.dll File not found
    Drivers32: vidc.VP70 - vp7vfw.dll File not found
    Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
    Drivers32: vidc.X264 - x264vfw.dll File not found
    Drivers32: VIDC.YV12 - yv12vfw.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/07 12:50:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kurt\Desktop\OTL.exe
    [2010/11/06 23:50:08 | 000,000,000 | ---D | C] -- C:\satadriver
    [2010/11/06 23:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\New Folder
    [2010/11/06 23:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\Sata Drivers
    [2010/11/06 20:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/11/06 20:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\SystemRequirementsLab
    [2010/11/06 20:05:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kurt\UserData
    [2010/11/06 19:03:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/06 18:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    [2010/11/06 18:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\Win32 Problem
    [2010/11/06 18:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\Security
    [2010/11/06 18:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\Performance Apps
    [2010/11/06 18:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
    [2010/11/06 16:00:06 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/11/06 14:29:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/11/06 14:21:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/06 10:00:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/06 10:00:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/06 10:00:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/06 10:00:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/06 09:59:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/06 09:59:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/06 09:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
    [2010/11/06 09:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\NVIDIA Corporation
    [2010/11/06 09:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
    [2010/11/04 21:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/31 19:59:09 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/10/31 12:04:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/31 12:04:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/31 11:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\AVG Security Toolbar
    [2010/10/31 09:08:11 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/10/31 09:08:11 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/10/31 09:08:11 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/10/31 09:08:11 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/10/31 09:08:11 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/10/31 09:08:11 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/10/31 09:08:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/10/31 09:07:56 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/31 09:07:56 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/30 16:29:11 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/10/30 16:29:10 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/10/30 16:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\Sunbelt Software
    [2010/10/30 16:24:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/10/30 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/10/30 16:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/10/30 16:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/10/30 15:44:54 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
    [2010/10/30 15:44:54 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
    [2010/10/30 15:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Svchost Fix Wizard
    [2010/10/30 10:22:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/10/30 08:55:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/30 08:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/10/29 21:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\Activision
    [2010/10/27 18:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/10/26 21:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/10/26 19:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/10/26 19:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/10/24 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\TuneUp Software
    [2010/10/24 20:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/10/24 20:31:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/10/23 18:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\My Documents\Videos 2
    [2010/10/23 17:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\Malwarebytes
    [2010/10/23 17:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/23 17:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/21 18:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\My Documents\EA Games
    [2010/10/20 17:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
    [2010/10/20 16:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
    [2010/10/20 16:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\DAEMON Tools Pro
    [2010/10/20 16:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/10/17 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\My Documents\Red Kawa
    [2010/10/17 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\Red Kawa
    [2010/10/17 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\My Documents\Ipod Wal
    [2010/10/17 19:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\Geckofx
    [2010/10/17 19:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Regensoft
    [2010/10/17 19:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\My Documents\Regensoft
    [2010/10/17 19:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010/10/17 19:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
    [2010/10/17 19:40:05 | 000,000,000 | ---D | C] -- C:\YouTubeDownload
    [2010/10/17 19:40:04 | 000,000,000 | ---D | C] -- C:\ConverterOutput
    [2010/10/17 19:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
    [2010/10/17 18:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\Put on I tunes
    [2010/10/17 18:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/10/10 22:49:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/10/10 20:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/10/10 18:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\PunkBuster
    [2010/10/10 17:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/10/10 17:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010/10/10 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/10/10 17:57:44 | 000,000,000 | ---D | C] -- C:\fbcfde3366dcc88be3272bba
    [2010/10/10 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/10/10 13:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
    [2010/10/10 13:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\My Documents\Battlefield 2
    [2010/10/10 13:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
    [2010/10/10 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Desktop\Cadets
    [2010/10/09 21:14:07 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2010/10/09 21:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2010/10/09 21:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
    [2010/10/09 20:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/10/09 20:02:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/10/09 20:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\WinRAR
    [2010/10/09 20:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/10/09 19:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/10/09 17:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/10/09 17:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
    [2010/10/09 17:39:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
    [2010/10/09 14:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Application Data\vlc
    [2010/10/09 14:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\WMTools Downloaded Files
    [2010/10/09 11:51:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kurt\My Documents\My Videos
    [2010/10/09 11:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2010/10/09 11:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2010/10/08 21:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/08 21:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/10/08 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/10/08 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/10/08 21:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\Adobe
    [2010/10/08 21:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

    ========== Files - Modified Within 30 Days ==========

    [2010/11/07 12:50:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kurt\Desktop\OTL.exe
    [2010/11/07 12:29:01 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/11/07 12:28:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/07 12:27:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/06 18:47:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
    [2010/11/06 17:20:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/06 15:08:10 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.16 (2).lnk
    [2010/11/06 14:55:47 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/11/06 14:55:47 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/11/06 14:21:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/06 09:10:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/05 23:45:35 | 000,215,152 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/11/05 23:44:17 | 000,137,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/05 21:15:49 | 000,088,576 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/05 21:02:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/04 17:50:34 | 000,009,968 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Terra Research.docx
    [2010/11/04 17:42:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/31 20:31:37 | 000,026,814 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\69334_1694045195969_1382979419_31878212_4405120_n.jpg
    [2010/10/31 19:59:16 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/10/31 19:59:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/10/31 09:08:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/30 16:24:06 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/30 16:04:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/30 10:22:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/29 21:43:07 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\PnkBstrK.sys
    [2010/10/29 21:42:45 | 000,682,280 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/10/28 19:39:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2010/10/24 22:35:26 | 000,014,427 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Experience-B000002HBA-L.jpg
    [2010/10/24 22:34:34 | 000,056,826 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\album-always-outnumbered-never-outgunned.jpg
    [2010/10/23 19:27:24 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Kurt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/17 20:06:36 | 026,386,435 | ---- | M] () -- C:\Documents and Settings\Kurt\Desktop\Far East Movement - Like A G6 ft. The Cataracs, Dev.mp4
    [2010/10/17 19:57:04 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wallpaperio iPod Maker.lnk
    [2010/10/17 19:55:42 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
    [2010/10/17 19:55:34 | 000,001,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Videora iPod Converter.lnk
    [2010/10/17 04:55:00 | 002,293,194 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/10/17 04:55:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/10/17 04:55:00 | 000,003,739 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/10/10 22:48:55 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/10 17:58:28 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/10 17:58:28 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/09 20:03:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/10/09 20:03:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/10/09 20:02:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/10/09 17:55:36 | 000,000,319 | ---- | M] () -- C:\WINDOWS\game.ini
    [2010/10/09 14:22:30 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/09 14:22:30 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/10/09 11:43:16 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/10/08 21:36:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/06 18:47:14 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
    [2010/11/06 15:08:10 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.16 (2).lnk
    [2010/11/06 14:21:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/06 14:21:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/06 10:00:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/06 10:00:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/06 10:00:08 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/06 10:00:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/06 10:00:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/04 17:50:34 | 000,009,968 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Terra Research.docx
    [2010/10/31 20:31:37 | 000,026,814 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\69334_1694045195969_1382979419_31878212_4405120_n.jpg
    [2010/10/31 19:59:16 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/10/31 19:59:14 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/10/31 19:59:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/10/31 19:59:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2010/10/31 19:59:09 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/10/30 17:57:36 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/10/30 16:29:52 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/10/30 16:24:06 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/29 21:42:45 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/10/28 19:39:07 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
    [2010/10/27 18:08:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/24 22:35:25 | 000,014,427 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Experience-B000002HBA-L.jpg
    [2010/10/24 22:34:33 | 000,056,826 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\album-always-outnumbered-never-outgunned.jpg
    [2010/10/17 20:03:41 | 026,386,435 | ---- | C] () -- C:\Documents and Settings\Kurt\Desktop\Far East Movement - Like A G6 ft. The Cataracs, Dev.mp4
    [2010/10/17 19:57:04 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wallpaperio iPod Maker.lnk
    [2010/10/17 19:55:42 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
    [2010/10/17 19:55:34 | 000,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Videora iPod Converter.lnk
    [2010/10/17 19:39:53 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
    [2010/10/10 20:39:17 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/10/10 20:39:17 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/10/10 20:39:16 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/10/10 18:19:27 | 000,215,152 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/10/10 17:58:22 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/10/09 22:05:20 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/09 21:12:44 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Kurt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/09 20:02:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/10/09 17:55:55 | 000,137,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/10/09 17:55:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Kurt\Application Data\PnkBstrK.sys
    [2010/10/09 17:55:39 | 000,215,152 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010/10/09 17:55:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010/10/09 17:55:36 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2010/10/09 11:38:49 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/10/08 21:36:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/03 22:18:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/10/03 13:21:13 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2010/10/03 13:21:03 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2010/10/03 13:18:54 | 000,000,267 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
    [2010/10/03 13:18:41 | 000,024,580 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2010/10/03 13:18:23 | 000,024,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/10/03 13:18:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2010/10/03 13:18:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
    [2004/08/04 22:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2004/08/04 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [1996/04/04 05:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/10/03 22:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/30 08:55:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/20 16:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/10/30 08:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/10/24 20:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/10/03 22:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/10/24 20:31:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/10/30 16:24:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/11/06 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\BitTorrent
    [2010/10/23 18:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\DAEMON Tools Pro
    [2010/11/06 15:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\LimeWire
    [2010/10/17 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\Red Kawa
    [2010/11/06 20:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\SystemRequirementsLab
    [2010/10/24 20:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kurt\Application Data\TuneUp Software
    [2010/11/07 12:28:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/07 12:27:09 | 000,015,185 | ---- | M] () -- C:\aaw7boot.log
    [2010/10/03 12:56:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/30 16:04:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/06 14:21:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/06 17:23:16 | 000,022,091 | ---- | M] () -- C:\ComboFix.txt
    [2010/10/03 12:56:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/10/17 19:40:05 | 000,001,224 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2010/10/03 12:56:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/03 12:56:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 22:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/11/07 12:27:09 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/06 14:57:13 | 000,000,390 | ---- | M] () -- C:\rkill.log
    [2010/11/06 09:04:17 | 000,035,726 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_06.11.2010_09.02.49_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/10/03 12:56:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 20:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/10/03 22:14:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/10/03 22:14:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/10/03 22:14:30 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/10/10 20:39:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/03 13:17:29 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/10/03 13:17:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kurt\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/07 12:50:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kurt\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/03 13:17:29 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kurt\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/07 12:30:00 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Kurt\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2006/11/01 18:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 22:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/08/04 01:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 01:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/08/04 01:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/07/17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/07/17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/07/17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
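The OTL output above is the raw material for the analyst's next step, and the Custom Scans block shows what that step is looking for: files in lookalike system folders (system32\system32, winn32, system32\DLL, system32\rundll), executables in places where none belong, and executables whose name contains a space (the `dir /b ... | find /i " " /c` lines). As an added example that is not part of the forum post and not OTL's own code, the script below parses OTL's file-entry line format and applies a few triage rules in that spirit. The rules, the DECOY_DIRS list and the sample lines marked CONSTRUCTED are the author's assumptions for illustration; the first sample lines are copied from the log above and should produce no hits.

```python
"""Parse OTL file-entry lines and flag patterns the custom scans above probe for.

Added example, not part of OTL or of the forum thread. The triage rules and the
DECOY_DIRS list are assumptions; sample lines marked CONSTRUCTED are made up.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry looks like:
#   [2010/10/03 13:21:03 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
# timestamp | size | attribute flags (R)eadonly (H)idden (S)ystem (D)irectory | C=created/M=modified,
# then an optional "(Company)" taken from the version resource, then "-- path".
# Directory entries have no parenthesised company at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Folders the custom scans above enumerate that do not exist on a clean XP install;
# malware uses lookalike names so a path "looks right" in a process list. (Assumption:
# trimmed to the ones visible in the log.)
DECOY_DIRS = (
    r"c:\windows\system32\system32",
    r"c:\windows\system32\systhem32",
    r"c:\windows\winn32",
    r"c:\windows\system32\dll",
    r"c:\windows\system32\rundll",
    r"c:\windows\system32\rundll32",
    r"c:\windows\apppatch\custom",
)


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                # "C" created / "M" modified
    company: Optional[str]   # None when OTL printed "()" or no version info
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file/folder line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a second look; empty list means nothing odd."""
    p = entry.path.lower()
    parent, _, name = p.rpartition("\\")
    reasons: List[str] = []
    if any(p.startswith(d + "\\") for d in DECOY_DIRS):
        reasons.append("lives in a lookalike/decoy system folder")
    if not entry.is_dir and name.endswith(EXEC_EXT):
        if (entry.hidden or entry.system) and entry.company is None \
                and p.startswith(r"c:\windows"):
            reasons.append("hidden/system executable under %systemroot% with no vendor")
        if "\\application data\\" in p or "\\local settings\\" in p:
            reasons.append("executable inside a user profile data folder")
        if " " in name and parent == r"c:\windows\system32":
            reasons.append("executable name contains a space (the dir|find check)")
    return reasons


def triage_log(lines) -> List[Tuple[str, List[str]]]:
    """Run triage over raw OTL lines; returns (path, reasons) for every hit."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            r = triage(e)
            if r:
                hits.append((e.path, r))
    return hits


SAMPLE_LINES = [
    # Genuine lines from the log above; expected to be clean.
    "[2010/10/03 13:21:03 | 000,156,672 | R--- | C] () -- C:\\WINDOWS\\System32\\RTLCPAPI.dll",
    "[2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\\WINDOWS\\avastSS.scr",
    "[2010/10/03 22:16:39 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\All Users\\Application Data\\Alwil Software",
    "[2010/11/07 12:27:09 | 2145,386,496 | -HS- | M] () -- C:\\pagefile.sys",
    # CONSTRUCTED lines showing what hits look like (not from the real log).
    "[2010/11/01 03:14:15 | 000,027,648 | -HS- | C] () -- C:\\WINDOWS\\system32\\system32\\svchost.exe",
    "[2010/11/01 03:14:16 | 000,081,920 | ---- | C] () -- C:\\Documents and Settings\\Kurt\\Application Data\\update.exe",
    "[2010/11/01 03:14:17 | 000,012,288 | ---- | C] () -- C:\\WINDOWS\\system32\\ms update.exe",
    "    ========== Custom Scans ==========",   # section header: parser skips it
]

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```

The rules are deliberately narrow: a hit is a reason to look at the file (hash it, check its signer, check who loads it), not a verdict, which is the same stance broni takes with the SecurityCheck and ESET output later in the thread.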
  17. 2010/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news then :)
    Yes, your gaming problem would be a matter for a different forum (when we're done here).

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
      [2010/10/31 11:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kurt\Local Settings\Application Data\AVG Security Toolbar
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  18. 2010/11/07
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    OK, so before I post all the logs and such, just a few questions.

    1. A previous solution told me to disable Automatic Updates. I did so and they are still turned off. Should I activate them again?

    2. Is Ad-Aware necessary to have on my computer?

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found.
    C:\Documents and Settings\Kurt\Local Settings\Application Data\AVG Security Toolbar\cache\update folder moved successfully.
    C:\Documents and Settings\Kurt\Local Settings\Application Data\AVG Security Toolbar\cache folder moved successfully.
    C:\Documents and Settings\Kurt\Local Settings\Application Data\AVG Security Toolbar folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kurt
    ->Temp folder emptied: 18869748 bytes
    ->Temporary Internet Files folder emptied: 5148956 bytes
    ->Java cache emptied: 163751 bytes
    ->FireFox cache emptied: 53193596 bytes
    ->Flash cache emptied: 2491 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 114822 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 393216 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 74.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kurt
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11072010_141441

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d50.dat not found!

    Registry entries deleted on Reboot...



    ESET Log

    C:\Documents and Settings\Kurt\My Documents\Downloads\CyberLink.Power.Director.Ultra.7.00.1628.iso probably a variant of Win32/Agent.JAMZZKT trojan
     
  19. 2010/11/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    At this point you can turn updates on.
    Ad-aware is a tool of the past and you can safely uninstall it.

    I still need SecurityCheck log.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Kurt\My Documents\Downloads\CyberLink.Power.Director.Ultra.7.00.1628.iso
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  20. 2010/11/07
    RedFOX

    RedFOX Inactive Thread Starter

    Joined:
    2010/11/04
    Messages:
    16
    Likes Received:
    0
    Oh, forgot to post that one. :)

    This thing that you've given to me for OTL: have I done this already, or is it something new?
     
  21. 2010/11/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if I understand.
    You need to run the above OTL script to remove the infected file.
    ...and give me the SecurityCheck log.
     
