
Solved Virus Problem (Black Internet rootkit)

Discussion in 'Malware and Virus Removal Archive' started by Pete, 2010/06/20.

  1. 2010/06/25
    broni (Moderator, Malware Analyst)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
      PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
      
      :Services
      
      :Reg
      
      :Files
      C:\System Volume Information\Microsoft
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
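Added example (editor's addition, not part of broni's post and not OTL's own code): the two PRC entries in the fix above are the tell-tale shape of this infection, core-system binary names (smss.exe, services.exe) running from a directory that is not %SystemRoot%\system32, with the image file reported as "File not found" because the rootkit hides it from the scanner. The parser below reads OTL "PRC -" lines and flags exactly those three conditions, then builds the :OTL / :Files sections of a fix script in the same shape as the one posted. Assumptions: %SystemRoot% is C:\WINDOWS (as this thread's log reports); the sample log is constructed here, the first two lines copied from the post and the Temp\svchost.exe line invented to show the masquerading rule on its own; the generated fix is an illustration of the layout, not a claim about how OTL itself generates fixes.

```python
"""Flag suspicious process entries in an OTL log and sketch a fix script.

Added example for this thread; not OTL's code. Assumes %SystemRoot% = C:\WINDOWS.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: matches the log in this thread

# The only legitimate directory for each core Windows XP executable.
# A process with one of these names running from anywhere else is masquerading.
CORE_BINARIES: Dict[str, str] = {
    "smss.exe": SYSTEM_ROOT + r"\system32",
    "csrss.exe": SYSTEM_ROOT + r"\system32",
    "winlogon.exe": SYSTEM_ROOT + r"\system32",
    "services.exe": SYSTEM_ROOT + r"\system32",
    "lsass.exe": SYSTEM_ROOT + r"\system32",
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}

# OTL "PRC -" line: either "File not found" or "[date | size | attrs | M] (vendor)",
# followed by " -- <image path>".
PRC_RE = re.compile(
    r"^PRC - (?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<vendor>[^)]*)\))"
    r" -- (?P<path>.+?)\s*$"
)

# Constructed sample log. Lines 1-2 are the entries from the post above; the
# Temp\svchost.exe line is invented to exercise the masquerading rule alone.
SAMPLE_OTL = r"""
PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/20 01:02:03 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Temp\svchost.exe
""".strip()


@dataclass
class Finding:
    raw: str                      # the original OTL line, reusable verbatim in a fix
    path: str
    reasons: List[str] = field(default_factory=list)


def analyze_otl(log_text: str) -> List[Finding]:
    """Return one Finding per PRC line that trips at least one rule."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PRC_RE.match(line)
        if not m:
            continue  # not a process line (or a format this parser does not know)
        path = m.group("path")
        name = ntpath.basename(path).lower()      # ntpath: parse Windows paths on any OS
        parent = ntpath.dirname(path).lower()
        reasons: List[str] = []
        # Rule 1: the process is running but the scanner cannot open its image.
        # With a rootkit loaded this usually means the file is hidden, not gone.
        if m.group("missing"):
            reasons.append("image-not-found")
        # Rule 2: a core system binary name outside its only legitimate directory.
        expected = CORE_BINARIES.get(name)
        if expected is not None and parent != expected.lower():
            reasons.append("masquerading-system-binary")
        # Rule 3: nothing legitimate executes out of the restore-point store.
        if "\\system volume information\\" in path.lower():
            reasons.append("system-volume-information")
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Lay out :OTL / :Files / :Commands sections in the shape of the post's fix.

    Illustration only: for files under System Volume Information the whole
    dropper directory is listed (as in the post); otherwise the file itself.
    """
    files: List[str] = []
    for f in findings:
        target = ntpath.dirname(f.path) if "system-volume-information" in f.reasons else f.path
        if target not in files:
            files.append(target)
    return "\n".join([":OTL", *(f.raw for f in findings), "", ":Files", *files,
                      "", ":Commands", "[Reboot]"])


if __name__ == "__main__":
    for f in analyze_otl(SAMPLE_OTL):
        print(f"{f.path}: {', '.join(f.reasons)}")
    print(build_otl_fix(analyze_otl(SAMPLE_OTL)))
```

Run it against a full OTL log (the Processes section of the Quick Scan is enough) and check the generated sections by hand before pasting anything into Custom Scans/Fixes; the rules are deliberately narrow, so a clean result does not prove the machine is clean, only that this particular pattern is absent.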
     
  2. 2010/06/25
    Pete (Thread Starter)

    Notes:

    Tried the first scan with the code pasted; as soon as I click Run Fix, the same thing happens: the 1:00 automatic shutdown message about services.exe.

    All I saw on the OTL status message beneath was "could not find file".

    Timer up, reboot,
    -> bluescreen for a quick second
    -> reboot automatically, this time without problems
    -> Tried to Run Fix with the code pasted in OTL again, same thing happens.
    No more BSODs though.

    Posting Quick Scan log (without code pasted):

    OTL logfile created on: 6/25/2010 10:34:17 PM - Run 5
    OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Pete\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): D:\pagefile.sys 3072 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 50.00 Gb Total Space | 9.25 Gb Free Space | 18.50% Space Free | Partition Type: NTFS
    Drive D: | 61.78 Gb Total Space | 35.34 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ----------
    Current User Name: Pete
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
    PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
    PRC - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    PRC - [2010/06/23 04:08:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2009/06/26 15:56:20 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/19 18:59:40 | 000,653,128 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFx.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    MOD - [2008/04/14 08:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/02/01 14:46:20 | 000,035,144 | ---- | M] ( ) -- C:\Program Files\Stardock\CursorFX\CurXP0.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/30 20:02:09 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/02/25 05:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/12/03 19:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/25 11:16:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/25 16:11:28 | 001,533,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2007/11/13 12:43:00 | 000,580,608 | ---- | M] (PY Software) [Disabled | Stopped] -- C:\Program Files\Active WebCam\Watchdog.exe -- (ACTIVEWEBCAMWATCHDOG)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/18 15:32:50 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/12/29 13:42:49 | 000,139,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2009/12/03 04:49:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/06/17 14:21:27 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/05/01 01:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/05/12 23:06:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 01:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/10 20:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/06/07 20:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
    DRV - [2007/05/23 17:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/31 16:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
    DRV - [2007/03/31 16:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2007/03/23 13:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/03/23 13:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2007/03/23 13:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/03/23 13:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/03/23 13:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/03/05 13:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/01/30 15:12:06 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 1E F6 59 3B DB C9 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com/ncr "


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 19:11:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 21:12:35 | 000,000,000 | ---D | M]

    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions
    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2010/02/22 19:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/25 20:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions
    [2010/03/30 19:50:00 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
    [2010/06/16 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/30 17:28:39 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    [2010/03/30 19:50:18 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (Eclipse) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
    [2010/06/19 20:11:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/03/30 20:28:53 | 000,000,000 | ---D | M] (Utopia FFSE White) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
    [2010/03/30 20:28:47 | 000,000,000 | ---D | M] (Extero 2) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
    [2010/05/23 21:13:02 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2010/01/24 01:05:24 | 000,000,000 | ---D | M] (Full Flat) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
    [2010/03/30 19:50:22 | 000,000,000 | ---D | M] (FennecFox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
    [2010/03/30 19:50:07 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
    [2010/06/22 18:57:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/02/19 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    [2010/02/10 14:07:08 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
    [2010/05/01 10:50:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/18 15:14:23 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
    [2010/03/12 20:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2010/05/11 08:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxe@Triton
    [2010/05/11 08:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxHelper@Triton
    [2010/03/30 19:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\chromifox@altmusictv.com
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme
    [2010/03/30 20:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/02/19 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Foxdie@tanjihay.com
    [2010/02/19 21:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\FoxdieGraphite@tanjihay.com
    [2010/03/30 20:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\glaze_black@www.theme-oasis.org
    [2010/02/19 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\navertheme@nhncorp.com
    [2010/02/19 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\redshift_V2@shift-themes.com
    [2010/01/21 01:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\rein@notiz.jp
    [2010/04/16 08:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermel@pardal.de
    [2010/04/16 08:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermelxt@pardal.de
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au
    [2010/06/22 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\youtube2mp3@mondayx.de
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme\mozapps\extensions
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
    [2009/11/09 18:57:15 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\searchplugins\winamp-search.xml
    [2010/06/25 20:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/23 21:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/23 21:09:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

    O1 HOSTS File: ([2010/06/24 20:54:53 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
    O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
    O4 - Startup: C:\Documents and Settings\Pete\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266743745718 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259328307765 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/22 05:18:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/25 14:38:32 | 000,000,000 | ---D | C] -- C:\Rooter$
    [2010/06/25 12:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/06/25 12:54:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/06/25 12:54:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/06/25 12:54:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/06/25 12:54:20 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/06/25 12:54:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/24 21:15:09 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Pete\Desktop\procexp.exe
    [2010/06/24 21:02:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pete\PrivacIE
    [2010/06/24 20:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\DoctorWeb
    [2010/06/23 22:20:07 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\TFC.exe
    [2010/06/23 21:23:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/23 21:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/23 04:09:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/20 21:34:28 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/20 21:34:28 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/20 21:34:28 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/20 21:34:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/20 21:34:28 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/20 21:34:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/20 21:34:28 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/20 21:34:17 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/20 21:34:17 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/20 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/19 22:23:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pete\Recent
    [2010/06/19 21:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Deployment
    [2010/06/18 15:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Malwarebytes
    [2010/06/18 15:37:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/18 15:37:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/18 15:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/17 17:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Painkiller Resurrection
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2010/05/28 00:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\vlc
    [2010/05/27 21:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2010/05/26 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2010/05/13 01:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2010/04/28 23:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
    [2010/04/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/18 13:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/04/18 12:32:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/04/18 12:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/04/18 12:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution.old
    [2010/04/18 12:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
    [2010/03/30 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    [2010/03/30 19:39:15 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2010/03/30 19:39:15 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2010/03/30 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010

    ========== Files - Modified Within 90 Days ==========

    [2010/06/25 21:37:18 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/25 21:37:18 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/25 21:37:18 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/25 21:32:30 | 000,230,258 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/25 21:32:29 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/06/25 21:32:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/25 21:31:58 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/25 21:31:28 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Pete\ntuser.dat
    [2010/06/25 19:26:46 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\mbr.exe
    [2010/06/25 19:12:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pete\ntuser.ini
    [2010/06/25 13:06:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/25 12:51:19 | 003,719,978 | R--- | M] () -- C:\Documents and Settings\Pete\Desktop\ComboFix.exe
    [2010/06/25 05:15:42 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/25 03:47:01 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\DrWeb.csv
    [2010/06/24 21:12:57 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\ProcessExplorer.zip
    [2010/06/24 20:54:53 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/24 20:14:23 | 048,049,392 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\drweb-cureit.exe
    [2010/06/23 22:20:07 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\TFC.exe
    [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/20 22:30:01 | 000,158,243 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/20 21:34:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:08:31 | 000,000,250 | ---- | M] () -- C:\WINDOWS\BissHM.ini
    [2010/06/20 12:08:25 | 000,000,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-121323.backup
    [2010/06/20 12:02:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 19:58:26 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/19 19:58:26 | 000,000,460 | RHS- | M] () -- C:\boot.ini
    [2010/06/18 17:22:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/18 17:14:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/18 15:34:38 | 002,742,748 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153531.backup
    [2010/06/17 18:29:44 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/06/16 15:08:51 | 000,078,612 | ---- | M] () -- C:\ReactorException.dmp
    [2010/06/15 19:31:35 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153438.backup
    [2010/06/15 00:45:01 | 002,647,070 | -H-- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\IconCache.db
    [2010/06/14 23:08:41 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/06/11 00:50:08 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-193135.backup
    [2010/06/07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Pete\Desktop\procexp.exe
    [2010/05/31 19:49:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/05/27 21:43:55 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Rosetta Stone Version 3.lnk
    [2010/05/26 19:16:33 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2010/05/20 08:46:48 | 002,729,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100611-005008.backup
    [2010/05/15 11:53:36 | 002,729,515 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-084648.backup
    [2010/05/06 17:07:48 | 002,727,447 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100515-115336.backup
    [2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 23:34:29 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/26 13:03:37 | 002,727,087 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-170748.backup
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
    [2010/04/18 14:03:13 | 002,726,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100426-130337.backup
    [2010/04/08 19:24:36 | 000,095,800 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/31 13:02:38 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/30 23:07:09 | 002,715,341 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-140312.backup

    ========== Files Created - No Company Name ==========

    [2010/06/25 19:26:46 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\mbr.exe
    [2010/06/25 12:54:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/06/25 12:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/06/25 12:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/06/25 12:54:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/06/25 12:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/06/25 12:51:17 | 003,719,978 | R--- | C] () -- C:\Documents and Settings\Pete\Desktop\ComboFix.exe
    [2010/06/25 03:43:40 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\DrWeb.csv
    [2010/06/24 21:15:09 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\procexp.chm
    [2010/06/24 21:12:53 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\ProcessExplorer.zip
    [2010/06/24 20:10:38 | 048,049,392 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\drweb-cureit.exe
    [2010/06/20 22:26:41 | 000,158,243 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:02:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 21:30:42 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/18 04:40:28 | 000,198,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/31 19:49:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/04/28 23:34:29 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
    [2010/04/05 00:24:12 | 000,078,612 | ---- | C] () -- C:\ReactorException.dmp
    [2009/12/07 02:10:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/07 02:10:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/07 02:10:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/07 02:10:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/07 02:10:41 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/07 02:10:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/10/29 16:59:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009/10/27 12:45:30 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BissHM.ini
    [2009/08/10 12:35:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/01 01:18:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/06/25 17:20:28 | 000,139,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/05/22 17:40:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/05/01 03:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/01 03:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/01 03:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/01 03:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 12:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 12:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/05/17 17:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/05/17 17:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/10/18 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/06/20 21:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/12/03 04:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/05/27 21:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2010/05/27 21:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2009/07/07 01:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2010/06/17 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/02 21:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
    [2010/03/30 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/06/02 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\5600-6600 Series
    [2010/05/26 19:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2009/06/16 23:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Pro
    [2010/03/26 01:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\ImgBurn
    [2009/09/25 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Lexmark Productivity Studio
    [2010/04/07 06:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\LimeWire
    [2010/05/31 19:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2009/12/13 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\SystemRequirementsLab
    [2010/04/29 20:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TeamViewer
    [2009/05/24 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TuneUp Software
    [2010/06/25 05:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\uTorrent
    [2009/12/03 04:29:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========


    < End of report >
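The OTL log above can be triaged mechanically rather than by eye. What follows is an added example, not part of the thread and not OTL's own code: a small Python parser for the two OTL line formats shown in the log ("PRC - File not found -- <path>" and "[date | size | attrs | C/M] (Company) -- <path>") that flags the indicators broni's fix targets (a running process whose image cannot be opened, and a process image under System Volume Information, where only System Restore data belongs), plus two weaker signals worth a second look: a well-known system binary name outside the Windows directory, and a kernel driver listed with no company name. The rule names and the sample lines are my own; the sample log is constructed from the format above, not the full log, and a "driver-no-company" hit is a review item, not a verdict.

```python
"""Triage an OTL Quick Scan log for the indicators seen in this thread (added example)."""
import re
from collections import Counter

# Process names that a legitimate Windows install keeps only under %SystemRoot%.
SYSTEM_BINARIES = {"smss.exe", "services.exe", "csrss.exe", "lsass.exe",
                   "winlogon.exe", "svchost.exe", "explorer.exe"}
WINDOWS_DIRS = ("c:\\windows\\",)

# "PRC - File not found -- <path>": a process is running but OTL cannot open its image file.
PRC_MISSING = re.compile(r"^PRC - File not found -- (?P<path>.+?)\s*$")

# "[yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (Company) -- <path>",
# optionally prefixed by a line type such as "PRC - " or "DRV - ".
FILE_ENTRY = re.compile(
    r"^(?:[A-Z]{3} - )?\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a list of findings, each {"rule", "path", "section"}."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=====") and line.endswith("====="):
            section = line.strip("= ")          # e.g. "Processes (SafeList)"
            continue
        m = PRC_MISSING.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            findings.append({"rule": "process-image-missing", "path": path, "section": section})
            if "\\system volume information\\" in low:
                # Only System Restore data belongs there; a process image is a hiding place.
                findings.append({"rule": "process-in-svi", "path": path, "section": section})
            if basename(path) in SYSTEM_BINARIES and not low.startswith(WINDOWS_DIRS):
                # smss.exe / services.exe outside %SystemRoot% is name mimicry.
                findings.append({"rule": "system-name-outside-windows", "path": path, "section": section})
            continue
        m = FILE_ENTRY.match(line)
        if m and m.group("company") == "":
            path = m.group("path")
            low = path.lower()
            if low.endswith(".sys") and "\\drivers\\" in low:
                # Drivers without a vendor string are not malicious per se, but deserve a look.
                findings.append({"rule": "driver-no-company", "path": path, "section": section})
    return findings


def rule_counts(findings):
    return dict(Counter(f["rule"] for f in findings))


# Constructed sample modelled on the OTL log format in this thread (a few lines, not the real log).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
PRC - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2010/06/25 19:26:46 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\mbr.exe
[2009/10/29 16:59:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:32} {f['path']}")
    print(rule_counts(triage(SAMPLE_LOG)))
```

On the sample, the two "File not found" processes each trip three rules (missing image, System Volume Information path, system-binary name outside C:\WINDOWS), the OTL.exe line trips none, and the driver with an empty company field is listed once for review.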
     


  4. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program.
    • Post the output from remover.exe.

    ============================================================

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
  6. 2010/06/25
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Note:

    After running Avenger and following steps, -> reboot

    Bluescreen for a quick second and automatically reboot again.

    Restart fine.

    Log produced:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
     
    Last edited: 2010/06/25
  7. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    Restart computer.

    ==============================================================

    Go Start>Run (Vista/7 users "Start search"), type in:
    cmd
    Click OK (Vista/7 users, hold CTRL and SHIFT keys, press Enter)

    At the DOS prompt copy/paste:
    "%userprofile%\desktop\mbr.exe" -f (<------make sure you have a space before the -f)
    Hit Enter.

    Type:
    exit
    Hit Enter.

    Restart the computer normally.

    Run the mbr.exe again.
    Post new log.

    ==============================================================

    1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
    Drivers to delete:
    
    Files to delete:
    C:\System Volume Information\Microsoft
    
    Registry Keys to delete:
    

    2. Now, open the avenger folder and start The Avenger program by clicking on its icon.

    * Right click on the window under Input script here:, and select Paste.
    * You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    * Click on Execute
    * Answer "Yes" twice when prompted.


    3. The Avenger will automatically do the following:

    * It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop, this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    4. Please copy/paste the content of c:\avenger.txt into your reply
     
  8. 2010/06/25
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    New mbr log:

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
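As the "user:" and "kernel:" labels in that output suggest, the detector reads sector 0 twice: once through the ordinary user-mode disk handle and once from kernel mode. A bootkit that hooks the disk stack typically hands user mode a clean copy of the MBR, or fails the read outright as it did here, so the two views disagree. The following is an added example, not Gmer's code and not part of the thread: a Python comparison of two 512-byte MBR images that parses the partition table and reports where the views diverge. The sectors, the partition layout and the boot-code bytes are all constructed for the example; `build_mbr` exists only to make them, and the "hooked" stub is a placeholder, not any real bootkit's code.

```python
"""Compare a user-mode and a kernel-mode read of the MBR (added example).

A stealth-MBR detector reads sector 0 through two paths; if a rootkit filters the
user-mode path, the boot code (usually) or the partition table differs, or the
user-mode read fails while the kernel read succeeds."""
import struct

MBR_SIZE = 512
BOOT_SIG = b"\x55\xaa"
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector):
    """Split a 512-byte sector into boot code, disk signature and populated partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba_start, count = struct.unpack_from(PART_FMT, sector, 446 + 16 * i)
        if ptype != 0:                      # type 0 = empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"code": bytes(sector[:440]),
            "disk_sig": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions}


def compare_reads(user_read, kernel_read):
    """Return (verdict, reason). user_read is None when the user-mode read failed."""
    kernel = parse_mbr(kernel_read)
    if user_read is None:
        return "suspicious", "user-mode MBR read failed while the kernel read succeeded"
    if user_read == kernel_read:
        return "clean", "identical sector 0 through both paths"
    user = parse_mbr(user_read)
    reasons = []
    if user["code"] != kernel["code"]:
        reasons.append("boot code differs between user-mode and kernel views")
    if user["partitions"] != kernel["partitions"]:
        reasons.append("partition table differs")
    if user["disk_sig"] != kernel["disk_sig"]:
        reasons.append("disk signature differs")
    return "suspicious", "; ".join(reasons) or "sector 0 differs outside the parsed fields"


def build_mbr(code, partitions, disk_sig=0x1234ABCD):
    """Assemble a constructed MBR for the example: boot code, disk signature, table, 55AA."""
    if len(code) > 440:
        raise ValueError("boot code would overwrite the disk signature")
    sector = bytearray(MBR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, 440, disk_sig)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, 446 + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         lba_start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample sectors (not captures from the thread's machine): two NTFS partitions.
PARTS = [(True, 0x07, 63, 104_857_537), (False, 0x07, 104_857_600, 129_554_432)]
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 25    # ordinary boot stub, padded
HOOKED_CODE = b"\xea\x00\x7c\x00\x00" + b"\x90" * 27           # placeholder altered stub
USER_VIEW = build_mbr(CLEAN_CODE, PARTS)     # what a filtering hook shows user mode
KERNEL_VIEW = build_mbr(HOOKED_CODE, PARTS)  # what is actually on disk

if __name__ == "__main__":
    print(compare_reads(KERNEL_VIEW, KERNEL_VIEW))   # clean: both paths agree
    print(compare_reads(USER_VIEW, KERNEL_VIEW))     # suspicious: boot code differs
    print(compare_reads(None, KERNEL_VIEW))          # suspicious: the thread's case
```

The third call models the log above: no user-mode sector to compare, while the kernel read succeeded. Agreement between the two reads is not proof of a clean disk (a hook that filters both paths would pass), so a matching result is still best confirmed by reading the sector from outside the installed OS, which is what the bootable remover in the next post is for.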
     
  9. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
  10. 2010/06/25
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Avenger result:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: "C:\System Volume Information\Microsoft" is a folder, not a file!
    Deletion of file "C:\System Volume Information\Microsoft" failed!
    Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
    --> use "Folders to delete:" instead of "Files to delete:" to delete a directory


    Completed script processing.

    *******************

    Finished! Terminate.
     
  11. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I apologize for bad script. Here you go:

    Code:
    Begin copying here:
    Drivers to delete:
    
    Folders to delete:
    C:\System Volume Information\Microsoft
    
    Registry Keys to delete:
     
  12. 2010/06/25
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Log produced with the new script:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Folder "C:\System Volume Information\Microsoft" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     
  13. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do you still have iexplore.exe processes running?

    I'd like to see fresh OTL Quick Scan log.
     
  14. 2010/06/25
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Yes. Everything is still the same.

Quick Scan log:

    OTL logfile created on: 6/26/2010 12:11:58 AM - Run 6
    OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Pete\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): D:\pagefile.sys 3072 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 50.00 Gb Total Space | 9.29 Gb Free Space | 18.58% Space Free | Partition Type: NTFS
    Drive D: | 61.78 Gb Total Space | 35.34 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ----------
    Current User Name: Pete
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
    PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
    PRC - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    PRC - [2010/06/23 04:08:10 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/23 04:08:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2009/06/26 15:56:20 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/19 18:59:40 | 000,653,128 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFx.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    MOD - [2008/04/14 08:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/02/01 14:46:20 | 000,035,144 | ---- | M] ( ) -- C:\Program Files\Stardock\CursorFX\CurXP0.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/30 20:02:09 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/02/25 05:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/12/03 19:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/25 11:16:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/25 16:11:28 | 001,533,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2007/11/13 12:43:00 | 000,580,608 | ---- | M] (PY Software) [Disabled | Stopped] -- C:\Program Files\Active WebCam\Watchdog.exe -- (ACTIVEWEBCAMWATCHDOG)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/18 15:32:50 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/12/29 13:42:49 | 000,139,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2009/12/03 04:49:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/06/17 14:21:27 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/05/01 01:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/05/12 23:06:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 01:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/10 20:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/06/07 20:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
    DRV - [2007/05/23 17:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/31 16:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
    DRV - [2007/03/31 16:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2007/03/23 13:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/03/23 13:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2007/03/23 13:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/03/23 13:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/03/23 13:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/03/05 13:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/01/30 15:12:06 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 1E F6 59 3B DB C9 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com/ncr "


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 19:11:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 21:12:35 | 000,000,000 | ---D | M]

    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions
    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2010/02/22 19:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/25 20:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions
    [2010/03/30 19:50:00 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
    [2010/06/16 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/30 17:28:39 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    [2010/03/30 19:50:18 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (Eclipse) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
    [2010/06/19 20:11:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/03/30 20:28:53 | 000,000,000 | ---D | M] (Utopia FFSE White) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
    [2010/03/30 20:28:47 | 000,000,000 | ---D | M] (Extero 2) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
    [2010/05/23 21:13:02 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2010/01/24 01:05:24 | 000,000,000 | ---D | M] (Full Flat) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
    [2010/03/30 19:50:22 | 000,000,000 | ---D | M] (FennecFox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
    [2010/03/30 19:50:07 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
    [2010/06/22 18:57:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/02/19 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    [2010/02/10 14:07:08 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
    [2010/05/01 10:50:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/18 15:14:23 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
    [2010/03/12 20:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2010/05/11 08:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxe@Triton
    [2010/05/11 08:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxHelper@Triton
    [2010/03/30 19:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\chromifox@altmusictv.com
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme
    [2010/03/30 20:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/02/19 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Foxdie@tanjihay.com
    [2010/02/19 21:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\FoxdieGraphite@tanjihay.com
    [2010/03/30 20:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\glaze_black@www.theme-oasis.org
    [2010/02/19 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\navertheme@nhncorp.com
    [2010/02/19 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\redshift_V2@shift-themes.com
    [2010/01/21 01:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\rein@notiz.jp
    [2010/04/16 08:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermel@pardal.de
    [2010/04/16 08:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermelxt@pardal.de
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au
    [2010/06/22 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\youtube2mp3@mondayx.de
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme\mozapps\extensions
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
    [2009/11/09 18:57:15 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\searchplugins\winamp-search.xml
    [2010/06/25 20:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/23 21:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/23 21:09:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

    O1 HOSTS File: ([2010/06/24 20:54:53 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
    O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
    O4 - Startup: C:\Documents and Settings\Pete\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266743745718 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259328307765 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/22 05:18:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/25 23:11:22 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/06/25 23:03:27 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Pete\Desktop\remover.exe
    [2010/06/25 14:38:32 | 000,000,000 | ---D | C] -- C:\Rooter$
    [2010/06/25 12:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/06/25 12:54:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/06/25 12:54:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/06/25 12:54:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/06/25 12:54:20 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/06/25 12:54:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/24 21:15:09 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Pete\Desktop\procexp.exe
    [2010/06/24 21:02:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pete\PrivacIE
    [2010/06/24 20:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\DoctorWeb
    [2010/06/23 22:20:07 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\TFC.exe
    [2010/06/23 21:23:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/23 21:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/23 04:09:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/20 21:34:28 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/20 21:34:28 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/20 21:34:28 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/20 21:34:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/20 21:34:28 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/20 21:34:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/20 21:34:28 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/20 21:34:17 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/20 21:34:17 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/20 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/19 22:23:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pete\Recent
    [2010/06/19 21:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Deployment
    [2010/06/18 15:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Malwarebytes
    [2010/06/18 15:37:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/18 15:37:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/18 15:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/17 17:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Painkiller Resurrection
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2010/05/28 00:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\vlc
    [2010/05/27 21:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2010/05/26 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2010/05/13 01:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2010/04/28 23:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
    [2010/04/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/18 13:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/04/18 12:32:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/04/18 12:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/04/18 12:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution.old
    [2010/04/18 12:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
    [2010/03/30 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    [2010/03/30 19:39:15 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2010/03/30 19:39:15 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2010/03/30 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010

    ========== Files - Modified Within 90 Days ==========

    [2010/06/26 00:05:27 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/26 00:05:27 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/26 00:05:27 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/26 00:04:09 | 000,230,258 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/26 00:04:08 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/06/25 23:58:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/25 23:58:29 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/25 23:57:58 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Pete\ntuser.dat
    [2010/06/25 23:57:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pete\ntuser.ini
    [2010/06/25 23:07:08 | 000,043,158 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\remover results.JPG
    [2010/06/25 19:26:46 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\mbr.exe
    [2010/06/25 13:06:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/25 12:51:19 | 003,719,978 | R--- | M] () -- C:\Documents and Settings\Pete\Desktop\ComboFix.exe
    [2010/06/25 05:15:42 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/25 03:47:01 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\DrWeb.csv
    [2010/06/24 21:12:57 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\ProcessExplorer.zip
    [2010/06/24 20:54:53 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/24 20:14:23 | 048,049,392 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\drweb-cureit.exe
    [2010/06/23 22:20:07 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\TFC.exe
    [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/20 22:30:01 | 000,158,243 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/20 21:34:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:08:31 | 000,000,250 | ---- | M] () -- C:\WINDOWS\BissHM.ini
    [2010/06/20 12:08:25 | 000,000,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-121323.backup
    [2010/06/20 12:02:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 19:58:26 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/19 19:58:26 | 000,000,460 | RHS- | M] () -- C:\boot.ini
    [2010/06/18 17:22:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/18 17:14:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/18 15:34:38 | 002,742,748 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153531.backup
    [2010/06/17 18:29:44 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/06/16 15:08:51 | 000,078,612 | ---- | M] () -- C:\ReactorException.dmp
    [2010/06/15 19:31:35 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153438.backup
    [2010/06/15 00:45:01 | 002,647,070 | -H-- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\IconCache.db
    [2010/06/14 23:08:41 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/06/11 00:50:08 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-193135.backup
    [2010/06/07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Pete\Desktop\procexp.exe
    [2010/05/31 19:49:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/05/27 21:43:55 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Rosetta Stone Version 3.lnk
    [2010/05/26 19:16:33 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2010/05/20 08:46:48 | 002,729,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100611-005008.backup
    [2010/05/15 11:53:36 | 002,729,515 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-084648.backup
    [2010/05/06 17:07:48 | 002,727,447 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100515-115336.backup
    [2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 23:34:29 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/26 13:03:37 | 002,727,087 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-170748.backup
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
    [2010/04/18 14:03:13 | 002,726,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100426-130337.backup
    [2010/04/08 19:24:36 | 000,095,800 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/31 13:02:38 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/30 23:07:09 | 002,715,341 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-140312.backup

    ========== Files Created - No Company Name ==========

    [2010/06/25 23:41:03 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\Pete\mbr.log
    [2010/06/25 23:10:18 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\avenger.exe
    [2010/06/25 23:07:08 | 000,043,158 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\remover results.JPG
    [2010/06/25 19:26:46 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\mbr.exe
    [2010/06/25 12:54:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/06/25 12:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/06/25 12:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/06/25 12:54:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/06/25 12:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/06/25 12:51:17 | 003,719,978 | R--- | C] () -- C:\Documents and Settings\Pete\Desktop\ComboFix.exe
    [2010/06/25 03:43:40 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\DrWeb.csv
    [2010/06/24 21:15:09 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\procexp.chm
    [2010/06/24 21:12:53 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\ProcessExplorer.zip
    [2010/06/24 20:10:38 | 048,049,392 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\drweb-cureit.exe
    [2010/06/20 22:26:41 | 000,158,243 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:02:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 21:30:42 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/18 04:40:28 | 000,198,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/31 19:49:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/04/28 23:34:29 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
    [2010/04/05 00:24:12 | 000,078,612 | ---- | C] () -- C:\ReactorException.dmp
    [2009/12/07 02:10:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/07 02:10:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/07 02:10:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/07 02:10:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/07 02:10:41 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/07 02:10:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/10/29 16:59:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009/10/27 12:45:30 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BissHM.ini
    [2009/08/10 12:35:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/01 01:18:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/06/25 17:20:28 | 000,139,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/05/22 17:40:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/05/01 03:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/01 03:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/01 03:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/01 03:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 12:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 12:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/05/17 17:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/05/17 17:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/10/18 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/06/20 21:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/12/03 04:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/05/27 21:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2010/05/27 21:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2009/07/07 01:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2010/06/17 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/02 21:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
    [2010/03/30 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/06/02 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\5600-6600 Series
    [2010/05/26 19:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2009/06/16 23:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Pro
    [2010/03/26 01:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\ImgBurn
    [2009/09/25 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Lexmark Productivity Studio
    [2010/04/07 06:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\LimeWire
    [2010/05/31 19:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2009/12/13 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\SystemRequirementsLab
    [2010/04/29 20:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TeamViewer
    [2009/05/24 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TuneUp Software
    [2010/06/25 05:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\uTorrent
    [2009/12/03 04:29:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========


    < End of report >
     
  15. 2010/06/25
    broni Moderator Malware Analyst
    OK, this is not working; we'll need to reset mbr from recovery console.
    Hold on there for a moment.
     
  16. 2010/06/25
    broni Moderator Malware Analyst
    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK, then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh OTL log.
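    As an added example (not part of the thread or any tool it names), here is a small Python checker for a raw 512-byte MBR image, the kind of thing you would save from a disk before and after fixmbr: it hashes the bootstrap code for comparison against a known-good value and sanity-checks the partition table, so a rewritten boot sector or a damaged table shows up as an explicit finding. The sample MBR bytes and the "known good" hash below are constructed for the demonstration.

    ```python
    """Sanity-check a raw 512-byte MBR image (constructed samples, offline)."""
    import hashlib
    import struct

    MBR_SIZE = 512
    BOOT_CODE_LEN = 440        # bootstrap code, before the 4-byte disk signature
    PART_TABLE_OFF = 446
    PART_ENTRY_LEN = 16
    BOOT_SIG = b"\x55\xaa"


    def boot_code_hash(mbr):
        """SHA-256 of the bootstrap code only (partition table excluded)."""
        return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


    def parse_partitions(mbr):
        """Return the four primary partition entries as dicts."""
        parts = []
        for i in range(4):
            off = PART_TABLE_OFF + i * PART_ENTRY_LEN
            # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
            status, ptype, lba_start, sectors = struct.unpack_from(
                "<B3xB3xII", mbr, off)
            parts.append({"index": i, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
        return parts


    def check_mbr(mbr, known_good_hash=None):
        """Return a list of human-readable findings; an empty list means clean."""
        issues = []
        if len(mbr) != MBR_SIZE:
            return ["image is %d bytes, expected %d" % (len(mbr), MBR_SIZE)]
        if mbr[510:512] != BOOT_SIG:
            issues.append("missing 0x55AA boot signature")
        if known_good_hash is not None and boot_code_hash(mbr) != known_good_hash:
            issues.append("bootstrap code differs from known-good hash")
        parts = [p for p in parse_partitions(mbr) if p["type"] != 0]
        if len([p for p in parts if p["status"] == 0x80]) > 1:
            issues.append("more than one active partition")
        for p in parts:
            if p["status"] not in (0x00, 0x80):
                issues.append("entry %d has invalid status byte 0x%02x"
                              % (p["index"], p["status"]))
            if p["sectors"] == 0:
                issues.append("entry %d has zero length" % p["index"])
        # Used partitions must not overlap each other on the disk.
        ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                        for p in parts)
        for (s1, e1, i1), (s2, e2, i2) in zip(ranges, ranges[1:]):
            if s2 < e1:
                issues.append("entries %d and %d overlap" % (i1, i2))
        return issues


    def build_sample_mbr(boot_code):
        """Constructed sample image: one active NTFS partition starting at LBA 63."""
        boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
        disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"          # signature + reserved
        entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                            b"\xfe\xff\xff", 63, 20_000_000)
        table = entry + b"\x00" * (3 * PART_ENTRY_LEN)
        return boot + disk_sig + table + BOOT_SIG


    # Constructed "trusted" image; in practice the hash would be recorded from a
    # known-clean machine with the same Windows version.
    CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100)
    KNOWN_GOOD_HASH = boot_code_hash(CLEAN_MBR)
    # Constructed image with the same partition table but rewritten boot code.
    MODIFIED_MBR = build_sample_mbr(b"\xeb\x58\x90" + b"\x00" * 100)


    if __name__ == "__main__":
        # To check a real dump instead: mbr = open("mbr.bin", "rb").read(512)
        for name, img in (("clean", CLEAN_MBR), ("modified", MODIFIED_MBR)):
            print(name, check_mbr(img, KNOWN_GOOD_HASH) or ["no issues"])
    ```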
     
  17. 2010/06/25
    Pete Inactive Thread Starter
    Ok give me a few mins
     
  18. 2010/06/25
    Pete Inactive Thread Starter
    Sorry, something came up and I gtg.

    Will post in maybe about half an hour.
     
  19. 2010/06/25
    broni Moderator Malware Analyst
    OK. Hopefully, I won't fall asleep....LOL
     
  20. 2010/06/26
    Pete Inactive Thread Starter
    Sorry, I'm just back and I'm working on your directions.
     
  21. 2010/06/26
    broni Moderator Malware Analyst
    No problem. I'll be up for 10-15 minutes.
    Since this is brand new "****" on the block, I'm curious, if my latest instructions will work.
    "Black Internet" rootkit, they call it, so far.
     
