
Can't update virus definitions/google redirects

Discussion in 'Malware and Virus Removal Archive' started by guygroomes85, 2011/06/30.

  1. 2011/07/05
    guygroomes85

    guygroomes85 Inactive Thread Starter

    Joined:
    2011/06/30
    Messages:
    20
    Likes Received:
    0
    ComboFix 11-07-04.02 - GuyandAlicia 07/05/2011 2:10.7.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.323 [GMT -4:00]
    Running from: c:\documents and settings\GuyandAlicia\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {683E32E4-3A9E-40AE-B305-8B012FC96F72}
    FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-30 10:04 . 2011-06-30 10:04 -------- d-----w- c:\documents and settings\GuyandAlicia\Application Data\NeopleLauncherDFO
    2011-06-30 09:37 . 2011-06-30 09:37 -------- d-----w- C:\Nexon
    2011-06-30 09:05 . 2011-06-30 09:29 -------- d-----w- c:\windows\ie8updates
    2011-06-30 08:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-30 08:54 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-06-30 08:54 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-06-30 08:54 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-06-30 08:54 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-06-30 08:54 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-06-30 08:54 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-06-30 07:26 . 2011-07-04 22:27 -------- d-----w- c:\documents and settings\GuyandAlicia\Local Settings\Application Data\PMB Files
    2011-06-30 07:25 . 2011-06-30 07:25 -------- d-----w- c:\program files\Pando Networks
    2011-06-30 04:04 . 2011-06-30 04:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-06-30 03:42 . 2011-06-30 03:42 -------- d-----w- c:\documents and settings\GuyandAlicia\Application Data\Malwarebytes
    2011-06-30 03:42 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-30 03:42 . 2011-06-30 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-30 03:42 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 03:42 . 2011-06-30 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-12 22:32 . 2011-06-12 22:32 -------- d-----w- c:\documents and settings\GuyandAlicia\Local Settings\Application Data\Conduit
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-14 11:58 . 2011-05-30 08:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 12:10 . 2011-05-29 16:34 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-05-29 16:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:02 . 2011-05-29 16:35 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 12:02 . 2011-05-29 16:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-10 12:02 . 2011-05-29 16:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-10 11:59 . 2011-05-29 16:35 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-05-29 16:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-10 11:59 . 2011-05-29 16:35 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-02 15:31 . 2007-05-29 15:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-08-04 00:56 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2004-08-03 23:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-27 08:39 . 2011-04-27 08:39 388096 ----a-r- c:\documents and settings\GuyandAlicia\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-25 16:11 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 00:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 16:11 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 12:01 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-24 03:42 . 2011-04-24 03:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-04-21 13:37 . 2004-08-03 23:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-06 17:02 . 2011-04-12 06:14 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
    2011-04-06 17:01 . 2011-04-12 06:14 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2011-04-06 17:01 . 2011-04-12 06:14 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2011-04-06 12:43 . 2011-04-06 12:43 23040 ----a-w- c:\windows\system32\drivers\MOUCLASS.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster "= "c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
    "@OnlineArmor GUI "= "c:\program files\Online Armor\oaui.exe" [2011-04-06 2477032]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\ggroomes\Start Menu\Programs\Startup\
    palmOne Registration.lnk.disabled [2009-3-5 803]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034} "= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
    backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2005-03-04 19:01 88209 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    2004-03-01 17:05 200766 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2007-11-01 17:51 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware12]
    2004-02-04 19:44 49152 -c--a-w- c:\program files\ScanSoft\OmniPagePro12.0\opware12.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc "=3 (0x3)
    "tmlisten "=2 (0x2)
    "ntrtscan "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "57752:TCP "= 57752:TCP:*:Disabled:pando Media Booster
    "57752:UDP "= 57752:UDP:*:Disabled:pando Media Booster
    "58808:TCP "= 58808:TCP:pando Media Booster
    "58808:UDP "= 58808:UDP:pando Media Booster
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowOutboundPacketTooBig "= 1 (0x1)
    "AllowRedirect "= 1 (0x1)
    "AllowOutboundTimeExceeded "= 1 (0x1)
    "AllowOutboundParameterProblem "= 1 (0x1)
    "AllowOutboundSourceQuench "= 1 (0x1)
    "AllowOutboundDestinationUnreachable "= 1 (0x1)
    "AllowInboundRouterRequest "= 1 (0x1)
    "AllowInboundMaskRequest "= 1 (0x1)
    "AllowInboundTimestampRequest "= 1 (0x1)
    "AllowInboundEchoRequest "= 1 (0x1)
    .
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/12/2011 2:14 AM 25192]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/12/2011 2:14 AM 29464]
    R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/12/2011 2:13 AM 381512]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [6/12/2007 11:54 AM 182101]
    R3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [6/12/2007 11:54 AM 5689]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 MpKsl0b7359ab;MpKsl0b7359ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsl0b7359ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsl0b7359ab.sys [?]
    S1 MpKsl133fbcd1;MpKsl133fbcd1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3295449-92A9-4098-ACFC-62FE4BCC20CC}\MpKsl133fbcd1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3295449-92A9-4098-ACFC-62FE4BCC20CC}\MpKsl133fbcd1.sys [?]
    S1 MpKsl27c09fe5;MpKsl27c09fe5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44AD9C93-0792-4880-A9ED-A52620D60C66}\MpKsl27c09fe5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44AD9C93-0792-4880-A9ED-A52620D60C66}\MpKsl27c09fe5.sys [?]
    S1 MpKsl2c6cf1d4;MpKsl2c6cf1d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl2c6cf1d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl2c6cf1d4.sys [?]
    S1 MpKsl51c9250a;MpKsl51c9250a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9799C19B-0C31-4939-B744-099296F2F17D}\MpKsl51c9250a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9799C19B-0C31-4939-B744-099296F2F17D}\MpKsl51c9250a.sys [?]
    S1 MpKsl5a4f0149;MpKsl5a4f0149;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl5a4f0149.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl5a4f0149.sys [?]
    S1 MpKsl6caeffe3;MpKsl6caeffe3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1163472E-9D3C-477E-8A20-A2B42DCFF3B8}\MpKsl6caeffe3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1163472E-9D3C-477E-8A20-A2B42DCFF3B8}\MpKsl6caeffe3.sys [?]
    S1 MpKsl6d9b07e1;MpKsl6d9b07e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKsl6d9b07e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKsl6d9b07e1.sys [?]
    S1 MpKsl96b258fa;MpKsl96b258fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F77E8358-2B84-46D5-977A-69B7D46EE940}\MpKsl96b258fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F77E8358-2B84-46D5-977A-69B7D46EE940}\MpKsl96b258fa.sys [?]
    S1 MpKsl9c521e28;MpKsl9c521e28;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F72EFD92-C9F1-43DF-9E4F-5A6B202C8DED}\MpKsl9c521e28.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F72EFD92-C9F1-43DF-9E4F-5A6B202C8DED}\MpKsl9c521e28.sys [?]
    S1 MpKsla82243bc;MpKsla82243bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsla82243bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsla82243bc.sys [?]
    S1 MpKslaf1fa851;MpKslaf1fa851;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF9E4E75-459B-4433-91E2-7B0F3BBB67DC}\MpKslaf1fa851.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF9E4E75-459B-4433-91E2-7B0F3BBB67DC}\MpKslaf1fa851.sys [?]
    S1 MpKslc3cc941e;MpKslc3cc941e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A82FF57F-1A2D-4463-B4FA-A0D1ADD9C55E}\MpKslc3cc941e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A82FF57F-1A2D-4463-B4FA-A0D1ADD9C55E}\MpKslc3cc941e.sys [?]
    S1 MpKslcc9f5e87;MpKslcc9f5e87;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslcc9f5e87.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslcc9f5e87.sys [?]
    S1 MpKslcd8dca8c;MpKslcd8dca8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CB47B2B-0DB6-416B-B7C8-8439055198C2}\MpKslcd8dca8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CB47B2B-0DB6-416B-B7C8-8439055198C2}\MpKslcd8dca8c.sys [?]
    S1 MpKslea14181e;MpKslea14181e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFDADBDF-8223-49BE-90B4-034A1743FAA0}\MpKslea14181e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFDADBDF-8223-49BE-90B4-034A1743FAA0}\MpKslea14181e.sys [?]
    S1 MpKslf06e9edc;MpKslf06e9edc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf06e9edc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf06e9edc.sys [?]
    S1 MpKslf3b11b97;MpKslf3b11b97;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf3b11b97.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf3b11b97.sys [?]
    S1 MpKslf972aa9a;MpKslf972aa9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslf972aa9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslf972aa9a.sys [?]
    S1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys --> c:\windows\system32\drivers\OADriver.sys [?]
    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/12/2011 2:14 AM 39048]
    S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/29/2011 12:35 PM 19544]
    S2 SLClient;ScriptLogic Service; [x]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/12/2011 2:13 AM 4326472]
    S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [9/29/2004 11:20 AM 71448]
    S3 CryptSvcEventSystem;CryptSvc CryptSvcEventSystem;c:\windows\system32\1054w.exe srv --> c:\windows\system32\1054w.exe srv [?]
    S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [9/29/2004 11:20 AM 142592]
    S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [9/29/2004 11:20 AM 30166]
    S3 RSSERIAL;RSLinx Serial Driver;c:\windows\system32\rsserial.sys [9/29/2004 11:20 AM 155440]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BLACKBOX
    *Deregistered* - BlackBox
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-04 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2011-04-07 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\
    FF - prefs.js: browser.search.selectedEngine - Scroogle
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
    MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-05 02:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\WinDNet32\Drivers]
    @DACL=(02 0000)
    "Allen-Bradley 1770-KFD "= "c:\\Program Files\\Rockwell Software\\RSLinx\\KFD32DVR.DLL "
    "Allen-Bradley 1771-SDNPT "= "c:\\Program Files\\Rockwell Software\\RSLinx\\SDNPTDRV.DLL "
    "Allen-Bradley 1747-SDNPT "= "c:\\Program Files\\Rockwell Software\\RSLinx\\SDN47PT.DLL "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(488)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2336)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    .
    Completion time: 2011-07-05 02:23:08
    ComboFix-quarantined-files.txt 2011-07-05 06:23
    ComboFix2.txt 2011-06-30 05:46
    .
    Pre-Run: 22,719,213,568 bytes free
    Post-Run: 22,705,201,152 bytes free
    .
    - - End Of File - - 58BACDDDAD4ED60D013E1F26F4396E22
     
  2. 2011/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    {683E32E4-3A9E-40AE-B305-8B012FC96F72}

    Driver::
    EagleXNt

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "tmlisten"=-
    "ntrtscan"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"=-

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
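    The CFScript above removes a driver (EagleXNt) whose image file ComboFix reported as missing, and the first log also lists a service named after a built-in Windows component that points at an odd executable. As an added example (not part of broni's post, the thread starter's logs, or the ComboFix tool itself), the following Python parses the "Drivers/Services" lines of a ComboFix log and lists the entries an analyst would want to review. The sample lines are copied from the log posted in this thread; the reading of the trailing `[?]` and `[x]` markers, the `BUILTIN_SERVICE_NAMES` list and the svchost.exe heuristic are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: five "Drivers/Services" lines copied from the
# ComboFix log posted in this thread. Layout is
#   <start type> <service name>;<display name>;<image path> [<file stamp>]
SAMPLE_LINES = r"""
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/12/2011 2:14 AM 25192]
R3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S1 aswSnx;aswSnx; [x]
S3 CryptSvcEventSystem;CryptSvc CryptSvcEventSystem;c:\windows\system32\1054w.exe srv --> c:\windows\system32\1054w.exe srv [?]
S3 RSSERIAL;RSLinx Serial Driver;c:\windows\system32\rsserial.sys [9/29/2004 11:20 AM 155440]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"\[(?P<stamp>[^\]]*)\]\s*$")

# Assumption: a display name that reuses a built-in Windows service name while
# pointing at something other than svchost.exe deserves a second look.
# This list is constructed for the example, not taken from ComboFix.
BUILTIN_SERVICE_NAMES = {"cryptsvc", "wuauserv", "bits", "eventsystem"}


@dataclass
class ServiceEntry:
    start: str    # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    image: str    # resolved on-disk path, empty if ComboFix printed none
    stamp: str    # text inside the trailing [...]: a date/size, "?" or "x"


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one Drivers/Services line; return None for lines of another shape."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    sm = STAMP_RE.search(rest)
    stamp = sm.group("stamp") if sm else ""
    image = rest[: sm.start()].strip() if sm else rest
    # ComboFix prints "<registry value> --> <resolved path>" when the two differ;
    # keep the resolved path.
    if "-->" in image:
        image = image.split("-->")[-1].strip()
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"), image, stamp)


def parse_log(text: str) -> List[ServiceEntry]:
    """Collect every Drivers/Services entry from a block of log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str, str]]:
    """Return (service name, severity, reason) tuples for entries worth an analyst's review."""
    findings = []
    for e in entries:
        # Assumed stamp convention: "?" = the referenced file was not found on
        # disk, "x" = no image path recorded. A registered driver whose file is
        # gone is the pattern the CFScript above removes for EagleXNt.
        if e.stamp == "?":
            findings.append((e.name, "review", "registered image file not found on disk"))
        elif e.stamp == "x":
            findings.append((e.name, "info", "no image path recorded"))
        tokens = {t.lower() for t in e.display.split()}
        if tokens & BUILTIN_SERVICE_NAMES and not e.image.lower().endswith("svchost.exe"):
            findings.append((e.name, "review",
                             "display name borrows a built-in service name but image is not svchost.exe"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in triage(parse_log(SAMPLE_LINES)):
        print(f"[{severity}] {name}: {reason}")
```

    Run against the sample it lists EagleXNt and the CryptSvcEventSystem entry (image c:\windows\system32\1054w.exe) as review items and aswSnx as informational only; the last belongs to the disabled avast install on this machine, which is why a finding here is a prompt to look, not a verdict.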
     


  4. 2011/07/05
    guygroomes85

    guygroomes85 Inactive Thread Starter

    Joined:
    2011/06/30
    Messages:
    20
    Likes Received:
    0
    Ran the script, CF got to step 3 and this popped up: "pev.cfxxe has encountered a problem and needs to close. We are sorry for the inconvenience." Seemed to finish after that, although the program didn't produce a log report. I will try in safe mode.
     
  5. 2011/07/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go ahead...
     
  6. 2011/07/05
    guygroomes85

    guygroomes85 Inactive Thread Starter

    Joined:
    2011/06/30
    Messages:
    20
    Likes Received:
    0
    Think it might be Online Armor interfering with it.

    ComboFix 11-07-04.02 - GuyandAlicia 07/05/2011 23:40:27.9.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.356 [GMT -4:00]
    Running from: c:\documents and settings\GuyandAlicia\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\GuyandAlicia\Desktop\Cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_EAGLEXNT
    -------\Service_EagleXNt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-30 10:04 . 2011-06-30 10:04 -------- d-----w- c:\documents and settings\GuyandAlicia\Application Data\NeopleLauncherDFO
    2011-06-30 09:37 . 2011-06-30 09:37 -------- d-----w- C:\Nexon
    2011-06-30 09:05 . 2011-06-30 09:29 -------- d-----w- c:\windows\ie8updates
    2011-06-30 08:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-30 08:54 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-06-30 08:54 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-06-30 08:54 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-06-30 08:54 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-06-30 08:54 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-06-30 08:54 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-06-30 07:26 . 2011-07-06 03:35 -------- d-----w- c:\documents and settings\GuyandAlicia\Local Settings\Application Data\PMB Files
    2011-06-30 07:25 . 2011-06-30 07:25 -------- d-----w- c:\program files\Pando Networks
    2011-06-30 04:04 . 2011-06-30 04:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-06-30 03:42 . 2011-06-30 03:42 -------- d-----w- c:\documents and settings\GuyandAlicia\Application Data\Malwarebytes
    2011-06-30 03:42 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-30 03:42 . 2011-06-30 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-30 03:42 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 03:42 . 2011-06-30 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-12 22:32 . 2011-06-12 22:32 -------- d-----w- c:\documents and settings\GuyandAlicia\Local Settings\Application Data\Conduit
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-14 11:58 . 2011-05-30 08:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 12:10 . 2011-05-29 16:34 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-05-29 16:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:02 . 2011-05-29 16:35 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 12:02 . 2011-05-29 16:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-10 12:02 . 2011-05-29 16:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-10 11:59 . 2011-05-29 16:35 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-05-29 16:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-10 11:59 . 2011-05-29 16:35 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-02 15:31 . 2007-05-29 15:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-08-04 00:56 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2004-08-03 23:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-27 08:39 . 2011-04-27 08:39 388096 ----a-r- c:\documents and settings\GuyandAlicia\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-25 16:11 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 00:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 16:11 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 12:01 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-24 03:42 . 2011-04-24 03:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-04-21 13:37 . 2004-08-03 23:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster "= "c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
    "@OnlineArmor GUI "= "c:\program files\Online Armor\oaui.exe" [2011-04-06 2477032]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\ggroomes\Start Menu\Programs\Startup\
    palmOne Registration.lnk.disabled [2009-3-5 803]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034} "= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
    backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2005-03-04 19:01 88209 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    2004-03-01 17:05 200766 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2007-11-01 17:51 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware12]
    2004-02-04 19:44 49152 -c--a-w- c:\program files\ScanSoft\OmniPagePro12.0\opware12.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc "=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "57752:TCP "= 57752:TCP:*:Disabled:pando Media Booster
    "57752:UDP "= 57752:UDP:*:Disabled:pando Media Booster
    "58808:TCP "= 58808:TCP:pando Media Booster
    "58808:UDP "= 58808:UDP:pando Media Booster
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowOutboundPacketTooBig "= 1 (0x1)
    "AllowRedirect "= 1 (0x1)
    "AllowOutboundTimeExceeded "= 1 (0x1)
    "AllowOutboundParameterProblem "= 1 (0x1)
    "AllowOutboundSourceQuench "= 1 (0x1)
    "AllowOutboundDestinationUnreachable "= 1 (0x1)
    "AllowInboundRouterRequest "= 1 (0x1)
    "AllowInboundMaskRequest "= 1 (0x1)
    "AllowInboundTimestampRequest "= 1 (0x1)
    "AllowInboundEchoRequest "= 1 (0x1)
    .
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [6/12/2007 11:54 AM 182101]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [6/12/2007 11:54 AM 5689]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 MpKsl0b7359ab;MpKsl0b7359ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsl0b7359ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsl0b7359ab.sys [?]
    S1 MpKsl133fbcd1;MpKsl133fbcd1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3295449-92A9-4098-ACFC-62FE4BCC20CC}\MpKsl133fbcd1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3295449-92A9-4098-ACFC-62FE4BCC20CC}\MpKsl133fbcd1.sys [?]
    S1 MpKsl27c09fe5;MpKsl27c09fe5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44AD9C93-0792-4880-A9ED-A52620D60C66}\MpKsl27c09fe5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44AD9C93-0792-4880-A9ED-A52620D60C66}\MpKsl27c09fe5.sys [?]
    S1 MpKsl2c6cf1d4;MpKsl2c6cf1d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl2c6cf1d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl2c6cf1d4.sys [?]
    S1 MpKsl51c9250a;MpKsl51c9250a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9799C19B-0C31-4939-B744-099296F2F17D}\MpKsl51c9250a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9799C19B-0C31-4939-B744-099296F2F17D}\MpKsl51c9250a.sys [?]
    S1 MpKsl5a4f0149;MpKsl5a4f0149;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl5a4f0149.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44368D25-CB8B-4654-9951-A9E60A09EF6B}\MpKsl5a4f0149.sys [?]
    S1 MpKsl6caeffe3;MpKsl6caeffe3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1163472E-9D3C-477E-8A20-A2B42DCFF3B8}\MpKsl6caeffe3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1163472E-9D3C-477E-8A20-A2B42DCFF3B8}\MpKsl6caeffe3.sys [?]
    S1 MpKsl6d9b07e1;MpKsl6d9b07e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKsl6d9b07e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKsl6d9b07e1.sys [?]
    S1 MpKsl96b258fa;MpKsl96b258fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F77E8358-2B84-46D5-977A-69B7D46EE940}\MpKsl96b258fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F77E8358-2B84-46D5-977A-69B7D46EE940}\MpKsl96b258fa.sys [?]
    S1 MpKsl9c521e28;MpKsl9c521e28;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F72EFD92-C9F1-43DF-9E4F-5A6B202C8DED}\MpKsl9c521e28.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F72EFD92-C9F1-43DF-9E4F-5A6B202C8DED}\MpKsl9c521e28.sys [?]
    S1 MpKsla82243bc;MpKsla82243bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsla82243bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85893ACF-2D8E-4601-A899-6166C7EEC908}\MpKsla82243bc.sys [?]
    S1 MpKslaf1fa851;MpKslaf1fa851;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF9E4E75-459B-4433-91E2-7B0F3BBB67DC}\MpKslaf1fa851.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF9E4E75-459B-4433-91E2-7B0F3BBB67DC}\MpKslaf1fa851.sys [?]
    S1 MpKslc3cc941e;MpKslc3cc941e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A82FF57F-1A2D-4463-B4FA-A0D1ADD9C55E}\MpKslc3cc941e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A82FF57F-1A2D-4463-B4FA-A0D1ADD9C55E}\MpKslc3cc941e.sys [?]
    S1 MpKslcc9f5e87;MpKslcc9f5e87;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslcc9f5e87.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslcc9f5e87.sys [?]
    S1 MpKslcd8dca8c;MpKslcd8dca8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CB47B2B-0DB6-416B-B7C8-8439055198C2}\MpKslcd8dca8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CB47B2B-0DB6-416B-B7C8-8439055198C2}\MpKslcd8dca8c.sys [?]
    S1 MpKslea14181e;MpKslea14181e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFDADBDF-8223-49BE-90B4-034A1743FAA0}\MpKslea14181e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFDADBDF-8223-49BE-90B4-034A1743FAA0}\MpKslea14181e.sys [?]
    S1 MpKslf06e9edc;MpKslf06e9edc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf06e9edc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf06e9edc.sys [?]
    S1 MpKslf3b11b97;MpKslf3b11b97;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf3b11b97.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE90F26E-B1A7-47FB-87A9-6658CA5D46D9}\MpKslf3b11b97.sys [?]
    S1 MpKslf972aa9a;MpKslf972aa9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslf972aa9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D1B232A-D734-4E76-BD68-BF26D7AF74CD}\MpKslf972aa9a.sys [?]
    S1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys --> c:\windows\system32\drivers\OADriver.sys [?]
    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/12/2011 2:14 AM 39048]
    S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/12/2011 2:14 AM 25192]
    S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/12/2011 2:14 AM 29464]
    S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/29/2011 12:35 PM 19544]
    S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/12/2011 2:13 AM 381512]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
    S2 SLClient;ScriptLogic Service; [x]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/12/2011 2:13 AM 4326472]
    S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [9/29/2004 11:20 AM 71448]
    S3 CryptSvcEventSystem;CryptSvc CryptSvcEventSystem;c:\windows\system32\1054w.exe srv --> c:\windows\system32\1054w.exe srv [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [9/29/2004 11:20 AM 142592]
    S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [9/29/2004 11:20 AM 30166]
    S3 RSSERIAL;RSLinx Serial Driver;c:\windows\system32\rsserial.sys [9/29/2004 11:20 AM 155440]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-06 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2011-04-07 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\
    FF - prefs.js: browser.search.selectedEngine - Scroogle
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-05 23:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\WinDNet32\Drivers]
    @DACL=(02 0000)
    "Allen-Bradley 1770-KFD "= "c:\\Program Files\\Rockwell Software\\RSLinx\\KFD32DVR.DLL "
    "Allen-Bradley 1771-SDNPT "= "c:\\Program Files\\Rockwell Software\\RSLinx\\SDNPTDRV.DLL "
    "Allen-Bradley 1747-SDNPT "= "c:\\Program Files\\Rockwell Software\\RSLinx\\SDN47PT.DLL "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(240)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(1764)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-07-05 23:55:04
    ComboFix-quarantined-files.txt 2011-07-06 03:55
    ComboFix2.txt 2011-07-05 06:23
    ComboFix3.txt 2011-06-30 05:46
    .
    Pre-Run: 22,704,349,184 bytes free
    Post-Run: 22,682,923,008 bytes free
    .
    - - End Of File - - 2B895D36124B13C6F5BFCCE4D88F28AF
     
  7. 2011/07/05
    broni Moderator Malware Analyst

    Very well.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2011/07/05
    guygroomes85 Inactive Thread Starter

    Good, I noticed it's a lot more responsive loading programs and whatnot. Still getting Google redirects. Usually when I load up a page the top left will have a loading graphic. Well, since getting the redirects the loading graphic keeps going and then Google Analytics sites pop up or some random site called clickcheck.

    OTL logfile created on: 7/6/2011 12:39:48 AM - Run 1
    OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\GuyandAlicia\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.36 Mb Total Physical Memory | 106.87 Mb Available Physical Memory | 20.90% Memory free
    2.47 Gb Paging File | 2.14 Gb Available in Paging File | 86.71% Paging File free
    Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 21.02 Gb Free Space | 56.43% Space Free | Partition Type: NTFS

    Computer Name: PHMAINTLT002 | User Name: GuyandAlicia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/06 00:35:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GuyandAlicia\My Documents\Downloads\OTL.exe
    PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/05/02 12:15:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/01 13:47:08 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2006/04/07 13:29:46 | 000,122,880 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2004/02/21 01:54:40 | 000,090,112 | ---- | M] (OPC Foundation) -- C:\WINDOWS\system32\OpcEnum.exe
    PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/06 00:35:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GuyandAlicia\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (CryptSvcEventSystem)
    SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
    SRV - [2008/10/07 14:00:32 | 000,558,496 | ---- | M] (ScriptLogic Software Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\SLClient.exe -- (SLClient)
    SRV - [2006/04/07 13:29:46 | 000,122,880 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/09/29 10:53:02 | 001,507,600 | ---- | M] (Rockwell Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx)
    SRV - [2004/02/21 01:54:40 | 000,090,112 | ---- | M] (OPC Foundation) [Auto | Running] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)
    SRV - [2003/05/06 14:13:32 | 000,118,784 | ---- | M] (Rockwell Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)
    SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/04/29 08:51:06 | 000,073,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
    DRV - [2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
    DRV - [2006/08/23 12:47:18 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/06/07 23:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/03/04 15:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/12/06 17:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/29 11:20:40 | 000,155,440 | R--- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL)
    DRV - [2004/09/29 11:20:40 | 000,142,592 | R--- | M] (Rockwell Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS -- (RS_SS_NT)
    DRV - [2004/09/29 11:20:40 | 000,030,166 | R--- | M] (Rockwell Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl)
    DRV - [2004/09/29 11:20:30 | 000,071,448 | R--- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ABKTCX.sys -- (ABKTCX) Rockwell Software 1784-KTC(X)
    DRV - [2004/08/30 12:24:30 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2004/06/02 17:13:32 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2004/06/02 17:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2004/06/02 17:00:10 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2004/06/02 16:59:58 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
    DRV - [2004/03/22 12:27:34 | 001,657,344 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
    DRV - [2003/07/28 20:49:00 | 000,182,101 | R--- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
    DRV - [2003/07/24 10:50:00 | 000,005,689 | R--- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
    DRV - [2002/08/19 14:35:44 | 000,019,845 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Cpqdfw.sys -- (cpqdfw)
    DRV - [2001/08/23 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2001/08/23 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Scroogle "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com "


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 13:00:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 03:25:13 | 000,000,000 | ---D | M]
    FF - HKCU\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 13:00:12 | 000,000,000 | ---D | M]
    FF - HKCU\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 03:25:13 | 000,000,000 | ---D | M]

    [2009/03/07 12:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Extensions
    [2011/07/05 22:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions
    [2010/05/28 05:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/22 02:21:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/05/22 02:21:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions\engine@conduit.com
    [2010/07/03 13:41:53 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\searchplugins\qrobeit.xml
    [2009/08/09 22:14:48 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\searchplugins\scroogle.xml
    [2009/12/02 09:03:00 | 000,001,252 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\searchplugins\winamp-search.xml
    [2011/07/05 22:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/27 18:51:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2011/06/30 13:54:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1219848329491 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1219848295693 (MUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.146 213.109.76.56 1.1.1.1
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/29 11:26:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/06 00:38:32 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/06 00:38:31 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/06 00:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/07/06 00:11:23 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/07/05 00:46:23 | 004,131,183 | R--- | C] (Swearware) -- C:\Documents and Settings\GuyandAlicia\Desktop\ComboFix.exe
    [2011/07/03 17:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Desktop\Logs
    [2011/06/30 06:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Application Data\NeopleLauncherDFO
    [2011/06/30 05:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
    [2011/06/30 05:37:46 | 000,000,000 | ---D | C] -- C:\Nexon
    [2011/06/30 05:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/06/30 04:54:17 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2011/06/30 04:54:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2011/06/30 04:54:14 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2011/06/30 04:54:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2011/06/30 04:54:12 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2011/06/30 03:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\PMB Files
    [2011/06/30 03:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2011/06/30 01:26:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/30 01:26:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/30 01:26:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/30 01:26:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/30 01:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/30 00:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/06/29 23:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Application Data\Malwarebytes
    [2011/06/29 23:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/29 23:42:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/06/29 23:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/06/29 23:42:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/29 23:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/12 18:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\Conduit

    ========== Files - Modified Within 30 Days ==========

    [2011/07/06 00:38:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/07/05 23:58:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/05 23:57:59 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011/07/05 23:57:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/05 23:35:39 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2011/07/05 00:48:53 | 004,131,183 | R--- | M] (Swearware) -- C:\Documents and Settings\GuyandAlicia\Desktop\ComboFix.exe
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/06/30 15:45:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\My Documents\MBR.dat
    [2011/06/30 13:54:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/30 06:12:34 | 000,438,758 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/30 06:12:34 | 000,070,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/30 05:49:44 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
    [2011/06/30 05:39:42 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/29 23:42:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/29 23:38:08 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/14 07:58:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/06/30 15:45:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\My Documents\MBR.dat
    [2011/06/30 05:49:44 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
    [2011/06/30 01:26:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/30 01:26:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/30 01:26:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/30 01:26:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/30 01:26:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/30 01:20:56 | 000,001,809 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/06/29 23:42:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
    [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
    [2011/04/25 14:53:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/04/25 14:53:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\61af0b5oy074ma2d330
    [2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\61af0b5oy074ma2d330
    [2011/04/12 02:14:43 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
    [2011/04/03 18:06:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/05 16:43:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\fusioncache.dat
    [2011/01/05 16:09:54 | 000,117,092 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2011/01/05 16:09:42 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/09/30 20:38:34 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/14 18:24:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/07/17 12:24:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
    [2009/06/16 00:01:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS27.DLL
    [2009/01/20 15:29:44 | 000,003,721 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/16 08:22:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2008/04/24 07:44:05 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/04/24 07:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/03/26 10:31:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\csmain.INI
    [2008/03/26 10:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esmain.INI
    [2008/03/26 10:29:47 | 000,003,566 | ---- | C] () -- C:\WINDOWS\DS400.INI
    [2008/01/23 13:38:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2007/09/15 07:08:07 | 000,006,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
    [2007/08/06 08:43:43 | 000,000,174 | ---- | C] () -- C:\WINDOWS\bi_group.ini
    [2007/08/04 12:36:53 | 000,000,034 | ---- | C] () -- C:\WINDOWS\CPQDFWWA.INI
    [2007/07/14 09:05:04 | 000,000,137 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
    [2007/06/12 12:02:16 | 000,002,116 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
    [2007/06/12 12:02:08 | 000,019,845 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cpqdfw.sys
    [2007/06/12 12:02:08 | 000,001,533 | ---- | C] () -- C:\WINDOWS\Cpqdiag.ini
    [2007/06/12 11:57:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2007/06/01 14:38:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\useng.dll
    [2007/06/01 14:38:24 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\InstConv.dll
    [2007/06/01 11:33:50 | 000,000,031 | ---- | C] () -- C:\WINDOWS\RESET.INI
    [2007/06/01 11:32:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EVMOVE.INI
    [2007/06/01 11:23:01 | 000,000,992 | ---- | C] () -- C:\WINDOWS\EDS.ini
    [2007/06/01 11:11:42 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
    [2007/06/01 11:09:54 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Rocksoft.ini
    [2007/06/01 10:24:35 | 000,061,440 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
    [2007/06/01 10:24:35 | 000,000,093 | R--- | C] () -- C:\WINDOWS\hpw9300k.ini
    [2007/06/01 10:23:10 | 000,006,865 | ---- | C] () -- C:\WINDOWS\hpdj9300.ini
    [2007/05/30 13:43:03 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
    [2007/05/30 13:17:03 | 000,001,185 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/05/29 12:02:34 | 000,013,456 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2007/05/29 11:30:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/05/29 11:23:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/05/29 06:23:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/05/29 06:22:45 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/05/05 17:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2005/05/03 16:18:54 | 000,093,878 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/09/29 11:20:42 | 000,030,992 | R--- | C] () -- C:\WINDOWS\System32\LINXVDD.DLL
    [2004/09/29 11:20:42 | 000,007,449 | R--- | C] () -- C:\WINDOWS\System32\drivers\SDDHP.BIN
    [2004/09/29 11:20:42 | 000,006,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\slcnewkt.bin
    [2004/09/29 11:20:40 | 000,005,433 | R--- | C] () -- C:\WINDOWS\System32\drivers\SDDH.BIN
    [2004/09/29 11:20:40 | 000,001,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST3.BIN
    [2004/09/29 11:20:38 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTC.BIN
    [2004/09/29 11:20:38 | 000,015,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMK485.BIN
    [2004/09/29 11:20:38 | 000,015,557 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTX485.BIN
    [2004/09/29 11:20:38 | 000,009,282 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKPCL.BIN
    [2004/09/29 11:20:38 | 000,009,139 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTXPCL.BIN
    [2004/09/29 11:20:38 | 000,001,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST1.BIN
    [2004/09/29 11:20:38 | 000,001,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTXST1.BIN
    [2004/09/29 11:20:38 | 000,000,301 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST0.BIN
    [2004/09/29 11:20:38 | 000,000,301 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTXST0.BIN
    [2004/09/29 11:20:38 | 000,000,011 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST2.BIN
    [2004/09/29 11:20:36 | 000,007,575 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLPCL.BIN
    [2004/09/29 11:20:36 | 000,001,825 | R--- | C] () -- C:\WINDOWS\System32\drivers\KT2ST2.BIN
    [2004/09/29 11:20:36 | 000,001,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLST2.BIN
    [2004/09/29 11:20:36 | 000,001,801 | R--- | C] () -- C:\WINDOWS\System32\drivers\KT2ST1.BIN
    [2004/09/29 11:20:36 | 000,001,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLST1.BIN
    [2004/09/29 11:20:36 | 000,000,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLST0.BIN
    [2004/09/29 11:20:36 | 000,000,177 | R--- | C] () -- C:\WINDOWS\System32\drivers\KT2ST0.BIN
    [2004/08/03 21:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/03 20:56:58 | 000,006,672 | ---- | C] () -- C:\WINDOWS\System32\aaclients.dat
    [2004/08/03 20:56:58 | 000,005,648 | ---- | C] () -- C:\WINDOWS\System32\1037n.dat
    [2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/06/02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 04:00:00 | 000,438,758 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 04:00:00 | 000,070,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
    [1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
    [1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/06/01 12:02:15 | 000,000,260 | RHS- | M] () -- C:\386SWAP.PAR
    [2011/05/04 00:08:29 | 000,006,268 | ---- | M] () -- C:\aaw7boot.log
    [2007/06/12 12:03:47 | 000,000,086 | ---- | M] () -- C:\ApInsTmp.log
    [2007/05/29 11:26:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/05/30 09:57:46 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
    [2011/05/22 04:26:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2007/06/12 12:09:19 | 000,000,090 | ---- | M] () -- C:\chpst.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/07/06 00:28:14 | 000,023,007 | ---- | M] () -- C:\ComboFix.txt
    [2007/05/29 11:26:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/05/30 13:04:51 | 000,000,000 | ---- | M] () -- C:\Cookies
    [2007/06/01 12:02:15 | 000,000,172 | RHS- | M] () -- C:\EVRSI.SYS
    [2009/02/16 15:42:33 | 000,035,840 | ---- | M] () -- C:\Hilander Side Rail.RSS
    [2009/02/16 15:42:03 | 000,049,152 | ---- | M] () -- C:\HILANDER SIDE RAIL_BAK000.RSS
    [2011/05/30 13:04:51 | 000,000,000 | ---- | M] () -- C:\History
    [2008/10/16 08:08:16 | 003,905,028 | ---- | M] () -- C:\HuskyInstallerLog.txt
    [2007/05/29 11:26:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/05/29 11:26:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 18:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/08 18:26:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/07/05 23:57:39 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/29 10:46:38 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2007/06/12 12:06:35 | 000,000,161 | ---- | M] () -- C:\sedinst.log
    [2007/06/12 12:06:34 | 000,000,189 | ---- | M] () -- C:\sedinst2.log
    [2007/06/12 12:07:11 | 000,018,810 | ---- | M] () -- C:\SUNJAVA.log
    [2011/06/29 23:48:35 | 000,047,820 | ---- | M] () -- C:\TDSSKiller.2.5.8.0_29.06.2011_23.46.35_log.txt
    [2009/03/05 11:31:04 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
    [2011/05/30 13:04:51 | 000,000,000 | ---- | M] () -- C:\Web Data

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 04:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2007/05/29 11:26:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2001/08/29 10:00:00 | 000,008,192 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD27.DLL
    [2001/08/29 10:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP27.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/05/29 06:21:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2007/05/29 06:21:59 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2007/05/29 06:21:58 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/03/08 18:34:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/06 02:57:11 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/03/06 17:25:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/05 00:48:53 | 004,131,183 | R--- | M] (Swearware) -- C:\Documents and Settings\GuyandAlicia\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/03/08 18:47:41 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\GuyandAlicia\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/22 15:07:59 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/06 00:33:19 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2007/11/01 17:22:00 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

    < End of report >
     
  9. 2011/07/05
    guygroomes85 Inactive Thread Starter

    Double posted... oops
    Hmm, now it's back to not letting me update my virus definitions and/or Malwarebytes: "Host not found"
     
    Last edited: 2011/07/05
  10. 2011/07/06
    broni Moderator Malware Analyst

    That's because your DNS has been hijacked by a Russian site:
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the button in the hole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from its power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Post new OTL log.
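A way to verify the outcome of the steps above rather than only re-running them, as an added example that is not part of broni's post or the thread: this PowerShell script lists every DNS server Windows is configured to use (machine-wide and per adapter, static and DHCP-assigned) plus the hosts file, and flags anything outside an allow-list. It assumes the router at 192.168.2.1 (the DhcpNameServer in the OTL log) is the only legitimate resolver; edit $ExpectedDns for your own network.

```powershell
# Added example, not part of the thread: list every DNS server Windows is configured to
# use and flag any that is not on the allow-list, so a hijacked setting shows up clearly.
# Assumption: the router 192.168.2.1 (DhcpNameServer in the OTL log) is the only legitimate
# resolver on this network; edit $ExpectedDns to match yours.
$ExpectedDns = @('192.168.2.1')
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Split-DnsList([string]$value) {
    # The registry stores resolver lists as space- or comma-separated strings
    if ([string]::IsNullOrEmpty($value)) { return @() }
    return @($value -split '[ ,]+' | Where-Object { $_ -ne '' })
}

function Find-UnexpectedDns([string]$scope, [string]$setting, [string]$value) {
    # Emits one record per resolver in $value that is not on the allow-list
    foreach ($server in (Split-DnsList $value)) {
        if ($ExpectedDns -notcontains $server) {
            New-Object PSObject -Property @{ Scope = $scope; Setting = $setting; Server = $server }
        }
    }
}

$findings = @()

# Machine-wide values (used when an adapter has no setting of its own)
$machine = Get-ItemProperty -Path $paramKey
$findings += @(Find-UnexpectedDns 'Global' 'NameServer'     $machine.NameServer)
$findings += @(Find-UnexpectedDns 'Global' 'DhcpNameServer' $machine.DhcpNameServer)

# Per-adapter values: a static NameServer here overrides whatever DHCP handed out
foreach ($key in (Get-ChildItem "$paramKey\Interfaces")) {
    $iface = Get-ItemProperty -Path $key.PSPath
    $findings += @(Find-UnexpectedDns "Interface $($key.PSChildName)" 'NameServer'     $iface.NameServer)
    $findings += @(Find-UnexpectedDns "Interface $($key.PSChildName)" 'DhcpNameServer' $iface.DhcpNameServer)
}

# Hosts file: redirects can also be planted here; only the localhost mapping is expected
$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
foreach ($raw in (Get-Content $hostsPath)) {
    $line = ($raw -replace '#.*$', '').Trim()
    if ($line -and $line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') {
        $findings += New-Object PSObject -Property @{ Scope = 'Hosts file'; Setting = 'entry'; Server = $line }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No unexpected DNS servers or hosts entries found.'
} else {
    Write-Host 'Unexpected DNS settings; verify each against what your ISP or router should be using:'
    $findings | Format-Table Scope, Setting, Server -AutoSize
}
```

Run it once before the router reset and once after; the first run should show the hijacked resolver, the second should come back clean.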
     
  11. 2011/07/07
    guygroomes85 Inactive Thread Starter

    OTL logfile created on: 7/7/2011 2:00:35 PM - Run 2
    OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\GuyandAlicia\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.36 Mb Total Physical Memory | 135.49 Mb Available Physical Memory | 26.50% Memory free
    2.47 Gb Paging File | 2.07 Gb Available in Paging File | 83.92% Paging File free
    Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 20.73 Gb Free Space | 55.65% Space Free | Partition Type: NTFS

    Computer Name: PHMAINTLT002 | User Name: GuyandAlicia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/06 00:35:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GuyandAlicia\My Documents\Downloads\OTL.exe
    PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/06/15 04:55:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/01 13:47:08 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2006/04/07 13:29:46 | 000,122,880 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2004/02/21 01:54:40 | 000,090,112 | ---- | M] (OPC Foundation) -- C:\WINDOWS\system32\OpcEnum.exe
    PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/06 00:35:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GuyandAlicia\My Documents\Downloads\OTL.exe
    MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (CryptSvcEventSystem)
    SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
    SRV - [2008/10/07 14:00:32 | 000,558,496 | ---- | M] (ScriptLogic Software Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\SLClient.exe -- (SLClient)
    SRV - [2006/04/07 13:29:46 | 000,122,880 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/09/29 10:53:02 | 001,507,600 | ---- | M] (Rockwell Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx)
    SRV - [2004/02/21 01:54:40 | 000,090,112 | ---- | M] (OPC Foundation) [Auto | Running] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)
    SRV - [2003/05/06 14:13:32 | 000,118,784 | ---- | M] (Rockwell Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)
    SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/04/29 08:51:06 | 000,073,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleXNt)
    DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
    DRV - [2011/04/06 13:01:32 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
    DRV - [2006/08/23 12:47:18 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/06/07 23:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/03/04 15:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/12/06 17:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/29 11:20:40 | 000,155,440 | R--- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL)
    DRV - [2004/09/29 11:20:40 | 000,142,592 | R--- | M] (Rockwell Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS -- (RS_SS_NT)
    DRV - [2004/09/29 11:20:40 | 000,030,166 | R--- | M] (Rockwell Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl)
    DRV - [2004/09/29 11:20:30 | 000,071,448 | R--- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ABKTCX.sys -- (ABKTCX) Rockwell Software 1784-KTC(X)
    DRV - [2004/08/30 12:24:30 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2004/06/02 17:13:32 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2004/06/02 17:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2004/06/02 17:00:10 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2004/06/02 16:59:58 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
    DRV - [2004/03/22 12:27:34 | 001,657,344 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
    DRV - [2003/07/28 20:49:00 | 000,182,101 | R--- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
    DRV - [2003/07/24 10:50:00 | 000,005,689 | R--- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
    DRV - [2002/08/19 14:35:44 | 000,019,845 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Cpqdfw.sys -- (cpqdfw)
    DRV - [2001/08/23 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2001/08/23 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Scroogle"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


    [2009/03/07 12:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Extensions
    [2011/07/06 22:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions
    [2010/05/28 05:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/22 02:21:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/05/22 02:21:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\extensions\engine@conduit.com
    [2010/07/03 13:41:53 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\searchplugins\qrobeit.xml
    [2009/08/09 22:14:48 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\searchplugins\scroogle.xml
    [2009/12/02 09:03:00 | 000,001,252 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Application Data\Mozilla\Firefox\Profiles\poknveqq.default\searchplugins\winamp-search.xml
    [2011/07/06 22:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/27 18:51:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2011/06/30 13:54:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1219848329491 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1219848295693 (MUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/29 11:26:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/06 00:38:32 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/06 00:38:31 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/06 00:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/07/06 00:11:23 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/07/05 00:46:23 | 004,131,183 | R--- | C] (Swearware) -- C:\Documents and Settings\GuyandAlicia\Desktop\ComboFix.exe
    [2011/07/03 17:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Desktop\Logs
    [2011/06/30 06:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Application Data\NeopleLauncherDFO
    [2011/06/30 05:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
    [2011/06/30 05:37:46 | 000,000,000 | ---D | C] -- C:\Nexon
    [2011/06/30 05:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/06/30 04:54:17 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2011/06/30 04:54:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2011/06/30 04:54:14 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2011/06/30 04:54:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2011/06/30 04:54:12 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2011/06/30 03:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\PMB Files
    [2011/06/30 03:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2011/06/30 01:26:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/30 01:26:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/30 01:26:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/30 01:26:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/30 01:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/30 00:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/06/29 23:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Application Data\Malwarebytes
    [2011/06/29 23:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/29 23:42:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/06/29 23:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/06/29 23:42:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/29 23:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/12 18:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\Conduit

    ========== Files - Modified Within 30 Days ==========

    [2011/07/07 00:59:31 | 000,007,062 | ---- | M] () -- C:\WINDOWS\GuyandAlicia8.xlb
    [2011/07/06 22:12:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/06 22:12:34 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011/07/06 21:16:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/06 19:56:46 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2011/07/06 00:38:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/07/05 00:48:53 | 004,131,183 | R--- | M] (Swearware) -- C:\Documents and Settings\GuyandAlicia\Desktop\ComboFix.exe
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/06/30 15:45:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\My Documents\MBR.dat
    [2011/06/30 13:54:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/30 06:12:34 | 000,438,758 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/30 06:12:34 | 000,070,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/30 05:49:44 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
    [2011/06/30 05:39:42 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/29 23:42:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\GuyandAlicia\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/29 23:38:08 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/14 07:58:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/06/30 15:45:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\My Documents\MBR.dat
    [2011/06/30 05:49:44 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
    [2011/06/30 01:26:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/30 01:26:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/30 01:26:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/30 01:26:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/30 01:26:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/30 01:20:56 | 000,001,809 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/06/29 23:42:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
    [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
    [2011/04/25 14:53:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/04/25 14:53:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\61af0b5oy074ma2d330
    [2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\61af0b5oy074ma2d330
    [2011/04/12 02:14:43 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
    [2011/04/03 18:06:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/05 16:43:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\fusioncache.dat
    [2011/01/05 16:09:54 | 000,117,092 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2011/01/05 16:09:42 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/09/30 20:38:34 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/14 18:24:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/07/17 12:24:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
    [2009/06/16 00:01:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS27.DLL
    [2009/01/20 15:29:44 | 000,003,721 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/16 08:22:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2008/04/24 07:44:05 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/04/24 07:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/03/26 10:31:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\csmain.INI
    [2008/03/26 10:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\esmain.INI
    [2008/03/26 10:29:47 | 000,003,566 | ---- | C] () -- C:\WINDOWS\DS400.INI
    [2008/01/23 13:38:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2007/09/15 07:08:07 | 000,006,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
    [2007/08/06 08:43:43 | 000,000,174 | ---- | C] () -- C:\WINDOWS\bi_group.ini
    [2007/08/04 12:36:53 | 000,000,034 | ---- | C] () -- C:\WINDOWS\CPQDFWWA.INI
    [2007/07/14 09:05:04 | 000,000,137 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
    [2007/06/12 12:02:16 | 000,002,116 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
    [2007/06/12 12:02:08 | 000,019,845 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cpqdfw.sys
    [2007/06/12 12:02:08 | 000,001,533 | ---- | C] () -- C:\WINDOWS\Cpqdiag.ini
    [2007/06/12 11:57:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2007/06/01 14:38:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\useng.dll
    [2007/06/01 14:38:24 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\InstConv.dll
    [2007/06/01 11:33:50 | 000,000,031 | ---- | C] () -- C:\WINDOWS\RESET.INI
    [2007/06/01 11:32:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EVMOVE.INI
    [2007/06/01 11:23:01 | 000,000,992 | ---- | C] () -- C:\WINDOWS\EDS.ini
    [2007/06/01 11:11:42 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
    [2007/06/01 11:09:54 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Rocksoft.ini
    [2007/06/01 10:24:35 | 000,061,440 | R--- | C] () -- C:\WINDOWS\scrub2k.exe
    [2007/06/01 10:24:35 | 000,000,093 | R--- | C] () -- C:\WINDOWS\hpw9300k.ini
    [2007/06/01 10:23:10 | 000,006,865 | ---- | C] () -- C:\WINDOWS\hpdj9300.ini
    [2007/05/30 13:43:03 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
    [2007/05/30 13:17:03 | 000,001,185 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/05/29 12:02:34 | 000,013,456 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2007/05/29 11:30:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/05/29 11:23:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/05/29 06:23:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/05/29 06:22:45 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/05/05 17:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2005/05/03 16:18:54 | 000,093,878 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/09/29 11:20:42 | 000,030,992 | R--- | C] () -- C:\WINDOWS\System32\LINXVDD.DLL
    [2004/09/29 11:20:42 | 000,007,449 | R--- | C] () -- C:\WINDOWS\System32\drivers\SDDHP.BIN
    [2004/09/29 11:20:42 | 000,006,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\slcnewkt.bin
    [2004/09/29 11:20:40 | 000,005,433 | R--- | C] () -- C:\WINDOWS\System32\drivers\SDDH.BIN
    [2004/09/29 11:20:40 | 000,001,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST3.BIN
    [2004/09/29 11:20:38 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTC.BIN
    [2004/09/29 11:20:38 | 000,015,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMK485.BIN
    [2004/09/29 11:20:38 | 000,015,557 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTX485.BIN
    [2004/09/29 11:20:38 | 000,009,282 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKPCL.BIN
    [2004/09/29 11:20:38 | 000,009,139 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTXPCL.BIN
    [2004/09/29 11:20:38 | 000,001,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST1.BIN
    [2004/09/29 11:20:38 | 000,001,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTXST1.BIN
    [2004/09/29 11:20:38 | 000,000,301 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST0.BIN
    [2004/09/29 11:20:38 | 000,000,301 | R--- | C] () -- C:\WINDOWS\System32\drivers\KTXST0.BIN
    [2004/09/29 11:20:38 | 000,000,011 | R--- | C] () -- C:\WINDOWS\System32\drivers\PCMKST2.BIN
    [2004/09/29 11:20:36 | 000,007,575 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLPCL.BIN
    [2004/09/29 11:20:36 | 000,001,825 | R--- | C] () -- C:\WINDOWS\System32\drivers\KT2ST2.BIN
    [2004/09/29 11:20:36 | 000,001,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLST2.BIN
    [2004/09/29 11:20:36 | 000,001,801 | R--- | C] () -- C:\WINDOWS\System32\drivers\KT2ST1.BIN
    [2004/09/29 11:20:36 | 000,001,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLST1.BIN
    [2004/09/29 11:20:36 | 000,000,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\KLST0.BIN
    [2004/09/29 11:20:36 | 000,000,177 | R--- | C] () -- C:\WINDOWS\System32\drivers\KT2ST0.BIN
    [2004/08/03 21:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/03 20:56:58 | 000,006,672 | ---- | C] () -- C:\WINDOWS\System32\aaclients.dat
    [2004/08/03 20:56:58 | 000,005,648 | ---- | C] () -- C:\WINDOWS\System32\1037n.dat
    [2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/06/02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 04:00:00 | 000,438,758 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 04:00:00 | 000,070,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
    [1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
    [1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

    < End of report >
     
  12. 2011/07/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Can you update Avast and MBAM now?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleXNt)
      [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
      [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
      [2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\61af0b5oy074ma2d330
      [2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\61af0b5oy074ma2d330
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
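The OTL fix script in the post above targets four hidden+system files with random-looking names under Application Data, one alternate data stream, and a driver entry that is listed as running but whose file is not found on disk. As an added example (not OTL's, the forum's or the poster's own code), the following Python parses OTL-style file, alternate-data-stream and driver lines and flags those same indicators. The regexes follow the log format shown in this thread; the flagging heuristics (hidden+system attributes, long extension-less alphanumeric names, any stream other than Zone.Identifier, a running driver with no backing file) are this example's own assumptions, not OTL's rules, and will also catch some legitimate hash-named cache files. The sample lines are constructed from the log entries quoted above.

```python
"""Flag the indicators a malware analyst looks for in an OTL file/driver log.

Added example; not OTL's or the forum's own code.  The line formats are taken
from the thread; the heuristics below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Callable, List

# [2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\path
# Attribute flags: R read-only, H hidden, S system, D directory; op C/M = created/modified.
# Directory lines carry no "(company)" group, so that part is optional.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - 131 bytes -> C:\path\TEMP:07BF512B   (stream name follows the last colon)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
# DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleXNt)   (empty path between the dashes)
DRV_RE = re.compile(
    r"^DRV - (?P<status>.+?) \[(?P<kind>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
    r" --(?: (?P<path>.+?))? -- \((?P<name>[^)]+)\)$"
)
# Assumed heuristic: long, lowercase, letters+digits, no extension.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{16,}$")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def looks_random(name: str) -> bool:
    """True for long extension-less names that mix letters and digits (assumed heuristic)."""
    return (bool(RANDOM_NAME_RE.match(name))
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def check_file(m: re.Match) -> List[str]:
    attrs, path = m["attrs"], m["path"]
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if "H" in attrs and "S" in attrs and "D" not in attrs:
        reasons.append("hidden+system file")
    if looks_random(name):
        reasons.append("random-looking name")
    if reasons and not (m["company"] or "") and "\\application data\\" in path.lower():
        reasons.append("no company name, lives under Application Data")
    return reasons


def check_ads(m: re.Match) -> List[str]:
    # Zone.Identifier is the normal "downloaded from the Internet" marker; anything else is worth a look.
    if m["stream"] == "Zone.Identifier":
        return []
    return [f"alternate data stream '{m['stream']}' ({m['size']} bytes) on {m['path']}"]


def check_driver(m: re.Match) -> List[str]:
    # A driver reported as running with no file on disk is a classic sign of something hiding itself.
    if m["status"] == "File not found" and m["state"].strip() == "Running":
        return [f"running kernel driver '{m['name']}' whose file is not found on disk"]
    return []


CHECKS: List[tuple] = [(FILE_RE, check_file), (ADS_RE, check_ads), (DRV_RE, check_driver)]


def analyse(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips at least one heuristic, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in CHECKS:
            m = regex.match(line)
            if m:
                reasons = check(m)
                if reasons:
                    findings.append(Finding(line, reasons))
                break
    return findings


# Constructed sample in the thread's OTL log format: benign lines mixed with the ones the fix targets.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleXNt)
[2011/06/29 23:42:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
[2011/05/17 01:13:41 | 000,002,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n5tcxce8onsa44jdoj4a5m5vu37617hn06
[2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\61af0b5oy074ma2d330
[2011/04/24 06:27:41 | 000,015,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\61af0b5oy074ma2d330
[2011/01/05 16:43:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\GuyandAlicia\Local Settings\Application Data\fusioncache.dat
[2011/06/30 00:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running the module prints the six lines the fix script targets with the reason each one was flagged, and stays silent on the Malwarebytes driver, the fusioncache.dat entry and the TEMP directory itself; the hidden+system and random-name tests are what make the two profile-duplicated files stand out from the many ordinary `.dat` and `.ini` entries in the same report.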
     
  13. 2011/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  14. 2011/07/14
    guygroomes85

    guygroomes85 Inactive Thread Starter

    Joined:
    2011/06/30
    Messages:
    20
    Likes Received:
    0
    Yes, my computer took a **** yesterday. Everything was running fine and then Windows locked up and I had to power it off at the button. Now when I load up Windows I get a BSOD and a hang, then restart. That's regular mode, safe mode, last known good config and all. An error message popped up for 2 different files, hidusb.sys and I can't remember the last one, although it had DNS.dll in the name.
     
  15. 2011/07/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, not completing a whole cleaning process could be a reason.

    All I can do in this forum is to check if you didn't get reinfected.

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     