Hello, I recently have been encountering what I think is malware and/or spyware... And also, earlier today, my firewall was disabled without me doing so... Also, at random times, I can't seem to browse the internet even though I'm connected... I thought it was just my service provider, but I tried connecting with my other laptop and I was able to browse...
One of the problems I've been having is the random-numbered .exe files which were trying to access the internet... I've tried using Ad-Aware, Spybot Search and Destroy, Registry Reviver (tried to prevent it from starting up), and Glary Utilities...
I'm not sure if it has been removed from my laptop, because I restarted my laptop and nothing came up... though before, after scans from the programs mentioned above, they were not removed...
Anyway, my 4 main concerns are:
1) random times of not being able to access anything on the net (like I was being blocked)
2) do these items affect USB flash drives? (I've plugged in an external drive to back up my files)
3) the random-numbered .exe removal
and lastly, 4) malware trying to access the net (usersplan.hp)
I'd really appreciate help from experts about this... Thanks for your time...
Here's the log from HijackThis:
[HJT log removed - Broni]
Last edited by broni; 05-12-2010 at 06:44 PM.
Welcome aboard
Please read HERE and post the required logs.
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Hi...
So far, the internet connection has been stable... However, the random-numbered .exes are still on my computer... usersplan.hp has not been activated, considering it wasn't blocked by avast! this time when I started my laptop...
Here are the logs you've requested...
Malwarebytes' Anti-Malware 1.50
Malwarebytes
Database version: 5252
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12/6/2010 800 AM
mbam-log-2010-12-06 (08-56-00).txt
Scan type: Quick scan
Objects scanned: 132078
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\user\local settings\temporary internet files\content.ie5\ovyfqxif\dateonetwo[1].ol (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\user\application data\ltzqai.exe (Worm.Palevo) -> Delete on reboot.
===================================================================
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-06 09:13:52
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS545032B9A300 rev.PB3OC64G
Running: prr6hlun.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAA764CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAA764BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAA765160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAA76508A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAA764782]
SSDT spvi.sys ZwEnumerateKey [0xF8293CA2]
SSDT spvi.sys ZwEnumerateValueKey [0xF8294030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAA764C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAA7646C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAA764726]
SSDT spvi.sys ZwQueryKey [0xF8294108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAA764DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA76522E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAA764D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAA764EE6]
INT 0x62 ? 82385BF8
INT 0x63 ? 82385BF8
INT 0x63 ? 82385BF8
INT 0x63 ? 82082BF8
INT 0x63 ? 82385BF8
INT 0x73 ? 82082BF8
INT 0x94 ? 82082BF8
INT 0xA4 ? 82082BF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA771BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAA7719D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAA771B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 80582DFE 7 Bytes JMP AA771B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A9DEE 7 Bytes JMP AA7719D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP AA76D5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP AA76EFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP AA771BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? crowcln.sys The system cannot find the file specified. !
? spvi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7CF662C 5 Bytes JMP 820821D8
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7CDAEBF]
.text a5ipix1t.SYS F7C39386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a5ipix1t.SYS F7C393AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a5ipix1t.SYS F7C393C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a5ipix1t.SYS F7C393C9 1 Byte [2E]
.text a5ipix1t.SYS F7C393C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1836] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8276040] spvi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F827613C] spvi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F82760BE] spvi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F82767FC] spvi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F82766D2] spvi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8286048] spvi.sys
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a5ipix1t.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 823831F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{D579DB34-0B15-4227-AB7A-66AD94D50A22} 81F15500
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-0 820811F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823861F8
Device \Driver\dmio \Device\DmControl\DmConfig 823861F8
Device \Driver\dmio \Device\DmControl\DmPnP 823861F8
Device \Driver\dmio \Device\DmControl\DmInfo 823861F8
Device \Driver\usbuhci \Device\USBPDO-1 820811F8
Device \Driver\usbuhci \Device\USBPDO-2 820811F8
Device \Driver\usbehci \Device\USBPDO-3 820541F8
Device \Driver\usbuhci \Device\USBPDO-4 820811F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\PCI_PNP3744 \Device\00000049 spvi.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 823871F8
Device \Driver\Cdrom \Device\CdRom0 820421F8
Device \Driver\atapi \Device\Ide\IdePort0 823851F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 823851F8
Device \Driver\atapi \Device\Ide\IdePort1 823851F8
Device \Driver\atapi \Device\Ide\IdePort2 823851F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 823851F8
Device \Driver\Cdrom \Device\CdRom1 820421F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81F15500
Device \Driver\NetBT \Device\NetbiosSmb 81F15500
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 820811F8
Device \Driver\usbuhci \Device\USBFDO-1 820811F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82035500
Device \Driver\usbuhci \Device\USBFDO-2 820811F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82035500
Device \Driver\usbuhci \Device\USBFDO-3 820811F8
Device \Driver\usbehci \Device\USBFDO-4 820541F8
Device \Driver\Ftdisk \Device\FtControl 823871F8
Device \Driver\sptd \Device\2835442494 spvi.sys
Device \Driver\a5ipix1t \Device\Scsi\a5ipix1t1 8203F1F8
Device \Driver\a5ipix1t \Device\Scsi\a5ipix1t1Port3Path0Target0Lun0 8203F1F8
Device \FileSystem\Cdfs \Cdfs 81F36500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x2F 0x5C 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xDA 0x47 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE2 0x7B 0x0D 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x2F 0x5C 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xDA 0x47 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE2 0x7B 0x0D 0x85 ...
---- EOF - GMER 1.0.15 ----
===================================================================
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000002c
Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF8975000 \WINDOWS\system32\KDCOM.DLL
0xF8885000 \WINDOWS\system32\BOOTVID.dll
0xF8475000 crowcln.sys
0xF8274000 spvi.sys
0xF8977000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF825C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF822E000 ACPI.sys
0xF821D000 pci.sys
0xF8485000 ohci1394.sys
0xF8495000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF84A5000 isapnp.sys
0xF8889000 compbatt.sys
0xF888D000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A3D000 pciide.sys
0xF86F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF81FF000 pcmcia.sys
0xF84B5000 MountMgr.sys
0xF81E0000 ftdisk.sys
0xF8979000 dmload.sys
0xF81BA000 dmio.sys
0xF8891000 ACPIEC.sys
0xF8A3E000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF86FD000 PartMgr.sys
0xF84C5000 VolSnap.sys
0xF81A2000 atapi.sys
0xF84D5000 disk.sys
0xF84E5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8183000 fltMgr.sys
0xF8171000 sr.sys
0xF84F5000 Lbd.sys
0xF8705000 PxHelp20.sys
0xF815A000 KSecDD.sys
0xF80CD000 Ntfs.sys
0xF80A0000 NDIS.sys
0xF8085000 Mup.sys
0xF8595000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF893D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7E97000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7E83000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7E5E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF877D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7CDE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8785000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF85A5000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7CB6000 \SystemRoot\system32\drivers\tifm21.sys
0xF7CA5000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7C93000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF85B5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF878D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8795000 \SystemRoot\system32\DRIVERS\Ktp.sys
0xF879D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF85C5000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF85D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF85E5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7C70000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7C39000 \SystemRoot\System32\Drivers\a5ipix1t.SYS
0xF8B9A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF85F5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8951000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7C22000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8605000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8615000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8805000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7C11000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8625000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF881D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF882D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8655000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8987000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF764B000 \SystemRoot\system32\DRIVERS\update.sys
0xF805D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8665000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAABB0000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAAB8E000 \SystemRoot\system32\drivers\portcls.sys
0xF8685000 \SystemRoot\system32\drivers\drmk.sys
0xAAABD000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF883D000 \SystemRoot\System32\Drivers\Modem.SYS
0xF86C5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAAA85000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAAA79000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B0E000 \SystemRoot\System32\Drivers\Null.SYS
0xAAA77000 \SystemRoot\System32\Drivers\Beep.SYS
0xF876D000 \SystemRoot\System32\drivers\vga.sys
0xAAA75000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAAA73000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8775000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF87A5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7693000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA981000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA929000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF8515000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA908000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA8E0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF8525000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA8BE000 \SystemRoot\System32\drivers\afd.sys
0xF8535000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA892000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF8545000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAA783000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8555000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA75C000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF87BD000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF8575000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA673000 \SystemRoot\System32\Drivers\BisonCam.sys
0xF8585000 \SystemRoot\System32\Drivers\STREAM.SYS
0xF8020000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7748000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF87C5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF801C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA65B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xAAA63000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF87DD000 \SystemRoot\System32\watchdog.sys
0xF769F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF8B58000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E2000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D3000 \SystemRoot\System32\ialmrnt5.dll
0xBFA04000 \SystemRoot\System32\ialmdev5.DLL
0xBFA3D000 \SystemRoot\System32\ialmdd5.DLL
0xAA59F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF880D000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA54B000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA52B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA2FC000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xAA027000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9DCC000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9C77000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA46B000 \SystemRoot\system32\drivers\sysaudio.sys
0xA92AF000 \SystemRoot\System32\Drivers\HTTP.sys
0xF87D5000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA9065000 \??\C:\DOCUME~1\user\LOCALS~1\Temp\pxtdqpow.sys
0xA903B000 \SystemRoot\system32\drivers\kmixer.sys
0xA8EDE000 \SystemRoot\system32\DRIVERS\w39n51.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll
Processes (total 54):
0 System Idle Process
4 System
804 C:\WINDOWS\system32\smss.exe
864 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1120 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1228 C:\WINDOWS\system32\svchost.exe
1284 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1320 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1360 svchost.exe
1480 svchost.exe
1836 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1972 C:\WINDOWS\explorer.exe
788 C:\WINDOWS\system32\spoolsv.exe
1152 C:\WINDOWS\ehome\ehRecvr.exe
1256 C:\WINDOWS\ehome\ehSched.exe
1468 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
1660 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
284 C:\WINDOWS\system32\svchost.exe
2424 C:\WINDOWS\ehome\ehtray.exe
2436 C:\WINDOWS\system32\igfxtray.exe
2460 C:\WINDOWS\system32\hkcmd.exe
2540 C:\WINDOWS\system32\igfxpers.exe
2792 C:\WINDOWS\RTHDCPL.exe
2824 C:\Program Files\Elantech\Ktp.exe
2864 C:\WINDOWS\mHotkey.exe
2896 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2948 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2980 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
2988 C:\WINDOWS\sm56hlpr.exe
2996 C:\WINDOWS\BisonCam\BisonTrayIcon.exe
3004 C:\WINDOWS\BisonCam\BisonHK.exe
3012 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3024 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
3508 C:\Program Files\DAEMON Tools Lite\daemon.exe
1880 C:\DOCUME~1\user\LOCALS~1\Temp\82003.exe
2248 C:\WINDOWS\system32\dllhost.exe
4040 alg.exe
3576 C:\WINDOWS\ehome\ehmsas.exe
1212 C:\WINDOWS\system32\wuauclt.exe
1464 C:\WINDOWS\system32\notepad.exe
660 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
3256 unsecapp.exe
3528 wmiprvse.exe
3056 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2740 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
2068 C:\Program Files\Google\Chrome\Application\chrome.exe
3704 C:\Program Files\Google\Chrome\Application\chrome.exe
2092 C:\Program Files\Google\Chrome\Application\chrome.exe
3388 C:\Program Files\Google\Chrome\Application\chrome.exe
668 C:\Documents and Settings\user\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC64G
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
===================================================================
DDS (Ver_10-12-05.01) - NTFSx86
Run by user at 9:23:37.39 on Mon 12/06/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.162 [GMT 8:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ktp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\DOCUME~1\user\LOCALS~1\Temp\82003.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.neo.com.ph
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [KTPWare] c:\program files\elantech\ktp.exe
mRun: [CHotkey] mHotkey.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [BisonTrayIcon] c:\windows\bisoncam\BisonTrayIcon.exe
mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Advanced EHTAL Enable] c:\docume~1\user\locals~1\temp\82003.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291548620734
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-5 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-5 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-5 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-5 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1355928]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-5 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-5 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
=============== Created Last 30 ================
2010-12-06 00:35:57 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-12-06 00:35:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 00:35:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-06 00:35:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 00:35:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2010-12-05 09:54:45 94208 ----a-w- c:\windows\DIIUnin.exe
2010-12-05 09:54:45 2829 ----a-w- c:\windows\DIIUnin.pif
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
============= FINISH: 9:24:39.78 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2010 2:53:51 PM
System Uptime: 12/6/2010 8:58:07 AM (1 hours ago)
Motherboard: CLEVO Co. | | M5x0N
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 980/mhz
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 980/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 289.234 GiB free.
D: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/5/2010 2:53:54 PM - System Checkpoint
RP2: 12/5/2010 2:59:54 PM - Installed Realtek High Definition Audio Driver
RP3: 12/5/2010 3:00:03 PM - Installed Windows XP KB888111WXPSP2.
RP4: 12/5/2010 3:04:51 PM - Installed REALTEK Gigabit and Fast Ethernet NIC Driver
RP5: 12/5/2010 3:06:39 PM - Installed KTP Ware PS/2-WDM 5.0.1.9
RP6: 12/5/2010 3:08:33 PM - Installed TIPCI
RP7: 12/5/2010 3:09:25 PM - Installed TIPCI
RP8: 12/5/2010 3:14:30 PM - Removed BisonCam
RP9: 12/5/2010 3:15:22 PM - Installed BisonCam
RP10: 12/5/2010 5:00:09 PM - avast! Free Antivirus Setup
RP11: 12/5/2010 5:16:51 PM - SPTD setup V1.56
RP12: 12/5/2010 5:29:17 PM - Installed Windows Installer KB893803v2.
RP13: 12/5/2010 5:29:46 PM - Installed Seagate Manager Installer
RP14: 12/5/2010 8:47:17 PM - Installed RegistryReviver.
RP15: 12/5/2010 9:24:10 PM - RegistryReviver Backup
RP16: 12/5/2010 10:27:13 PM - Installed HiJackThis
==== Installed Programs ======================
Ad-Aware
Adobe Flash Player 10 ActiveX
avast! Free Antivirus
BisonCam
Diablo II
Glary Utilities 2.30.0.1066
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
KTP Ware PS/2-WDM 5.0.1.9
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mEoU
mHelp
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
Motorola SM56 Data Fax Modem
mPfMgr
mPfWiz
mProSafe
MSXML 6.0 Parser
Multimedia / Internet Keyboard Driver VerR8.15
mWlsSafe
mXML
mZConfig
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
RegistryReviver
Seagate Manager Installer
Spybot - Search & Destroy
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB911164)
Update for Windows XP (KB912945)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Installer 3.1 (KB893803)
WinRAR 4.00 beta 2 (32-bit)
==== Event Viewer Messages From Past Week ========
12/6/2010 9:05:21 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
12/6/2010 8:07:50 AM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 8:07:50 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 8:07:50 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 8:07:38 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 8:07:38 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 3:08:08 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
==== End Of File ===========================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: AVG - Download tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Here is the combofix log
ComboFix 10-12-04.03 - user 12/06/2010 10:23:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.247 [GMT 8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-09 59392]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2005-10-27 512000]
"CHotkey"="mHotkey.exe" [2001-12-26 472576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 557056]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-09-05 45056]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2006-05-15 73728]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced EHTAL Enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/5/2010 6:22 PM 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/5/2010 5:16 PM 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/5/2010 5:00 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/5/2010 5:00 PM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/5/2010 5:00 PM 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 3:46 PM 1355928]
.
Contents of the 'Scheduled Tasks' folder
2010-12-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 07:46]
2010-12-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-12-05 02:47]
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 09:00]
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 09:00]
2010-12-06 c:\windows\Tasks\RegistryReviver-user-Startup.job
- c:\program files\ReviverSoft\RegistryReviver\RegistryReviver.exe [2010-11-01 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-06 10:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-06 10:29:12
ComboFix-quarantined-files.txt 2010-12-06 02:29
Pre-Run: 310,496,591,872 bytes free
Post-Run: 310,453,837,824 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 564F1E530F9FE69FF0E381BBC42DD01A
Looks good
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
I'm relieved to hear some good news..
Anyway, here's OTL.txt and Extras.txt, respectively.
OTL logfile created on: 12/6/2010 10:46:59 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 289.13 Gb Free Space | 97.00% Space Free | Partition Type: NTFS
Computer Name: NEO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/12/06 10:45:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\desktop\OTL.exe
PRC - [2010/09/23 15:46:07 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/09/23 15:46:07 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/07 23:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2006/03/15 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
========== Modules (SafeList) ==========
MOD - [2010/12/06 10:45:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\desktop\OTL.exe
MOD - [2006/03/15 20:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/23 15:46:07 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 23:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/12/05 17:16:51 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/23 15:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/23 15:46:08 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/07 22:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 22:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 22:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 22:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 22:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 22:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/04/19 16:50:08 | 000,788,224 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/01/14 08:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 15:55:29 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/29 10:33:32 | 000,027,520 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ktp.sys -- (Ktp)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/10 18:51:38 | 000,854,404 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/12/03 07:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/12/06 10:27:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe ()
O4 - HKLM..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1291548620734 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 124.106.5.2 58.69.254.87 58.69.254.79
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/05 14:40:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
========== Files/Folders - Created Within 30 Days ==========
[2010/12/06 10:44:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/12/06 10:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/06 10:17:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/06 10:15:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/06 10:15:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/06 10:15:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/06 10:15:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/06 10:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/06 10:15:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/06 08:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/12/06 08:35:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/06 08:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/06 08:35:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/06 08:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/06 08:32:14 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/05 22:29:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/12/05 22:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/12/05 22:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/12/05 22:29:22 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/12/05 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/12/05 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
========== Files - Modified Within 30 Days ==========
========== Files Created - No Company Name ==========
[2010/12/05 14:33:44 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/12/05 14:33:44 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/12/05 14:33:44 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/12/05 14:33:44 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/12/05 14:33:43 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/12/05 14:33:43 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/12/05 14:33:43 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/12/05 14:33:43 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/12/05 14:33:43 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/12/05 14:33:43 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/12/05 14:33:41 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/12/05 14:33:41 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/12/05 14:33:40 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/12/05 14:33:35 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2007/02/14 20:58:41 | 000,004,408 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/15 20:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/03/15 20:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2010/12/05 17:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/05 20:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/12/05 17:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/12/05 18:20:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/12/05 17:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools
[2010/12/05 21:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlarySoft
[2010/12/05 17:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2010/12/06 10:32:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/06 10:23:29 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/12/06 10:29:13 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryReviver-user-Startup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/12/05 14:40:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/05 14:53:49 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/12/06 10:17:20 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/06 10:29:13 | 000,006,385 | ---- | M] () -- C:\ComboFix.txt
[2010/12/05 14:40:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/05 14:40:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/05 14:40:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/03/15 20:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/12/06 10:23:13 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/12/05 14:40:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/09/07 23:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/12/05 22:27:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/12/05 22:27:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/12/05 22:27:32 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/12/05 14:48:31 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/12/05 14:54:11 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/12/05 14:47:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/12/06 10:03:19 | 003,984,762 | R--- | M] () -- C:\Documents and Settings\user\desktop\ComboFix.exe
[2010/12/06 08:34:33 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\desktop\mbam-setup-1.50.0.0.exe
[2010/12/06 10:45:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2003/09/22 14:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M2000Twn.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/12/05 14:54:10 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/06 10:31:27 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\user\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2006/03/15 20:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
[2005/12/05 23:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2006/03/15 20:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2004/08/04 01:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 01:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/04 01:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/03/15 20:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2006/03/15 20:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2006/03/15 20:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
===============================================================================
OTL Extras logfile created on: 12/6/2010 10:46:59 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 289.13 Gb Free Space | 97.00% Space Free | Partition Type: NTFS
Computer Name: NEO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}" = Multimedia / Internet Keyboard Driver VerR8.15
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"Diablo II" = Diablo II
"Elantech" = KTP Ware PS/2-WDM 5.0.1.9
"Glary Utilities_is1" = Glary Utilities 2.30.0.1066
"Google Chrome" = Google Chrome
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ProInst" = Intel(R) PROSet/Wireless Software
"RegistryReviver" = RegistryReviver
"SMSERIAL" = Motorola SM56 Data Fax Modem
"WinRAR archiver" = WinRAR 4.00 beta 2 (32-bit)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/5/2010 634 AM | Computer Name = NEO | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 12/5/2010 9:47:28 AM | Computer Name = NEO | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 5.0.677.0, faulting module
msvcr90.dll, version 9.0.30729.4148, fault address 0x0003af1c.
Error - 12/5/2010 10:05:26 AM | Computer Name = NEO | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 12/5/2010 3:08:08 AM | Computer Name = NEO | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 12/5/2010 8:07:38 PM | Computer Name = NEO | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).
Error - 12/5/2010 8:07:38 PM | Computer Name = NEO | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 12/5/2010 8:07:50 PM | Computer Name = NEO | Source = Service Control Manager | ID = 7034
Description = The Seagate Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 12/5/2010 8:07:50 PM | Computer Name = NEO | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 12/5/2010 8:07:50 PM | Computer Name = NEO | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 12/5/2010 9:05:21 PM | Computer Name = NEO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 12/5/2010 9:06:08 PM | Computer Name = NEO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 12/5/2010 9:06:17 PM | Computer Name = NEO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 12/5/2010 9:06:24 PM | Computer Name = NEO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
< End of report >
502.00 Mb Total Physical Memory
Your computer could use another 512MB of RAM for better performance.
===================================================================
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
===============================================================
OTL log looks clean.
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce a log.
@more RAM for the computer -> Yeah, I'm thinking about buying one this Christmas..
And here are the Security Check and ESET Scan logs..
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
==================================================================
C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application
C:\Documents and Settings\user\My Documents\Downloads\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
C:\Program Files\ReviverSoft\RegistryReviver\RegistryReviver.exe a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP14\A0002457.msi a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP14\A0002464.msi a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP14\A0002492.msi a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0002506.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0002507.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0003849.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0004439.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0004448.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0004449.exe Win32/SpamTool.Tedroo.AN trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP16\A0004472.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP16\A0004546.exe Win32/SpamTool.Tedroo.AN trojan
You have to update IE to at least version 7. Version 6 is obsolete and thus dangerous.
You also have to install Service Pack 3.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
:Services
:Reg
:Files
C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi
C:\Documents and Settings\user\My Documents\Downloads\RegistryReviverSetup.exe
C:\Program Files\ReviverSoft\RegistryReviver\RegistryReviver.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
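The ESET result above is a good illustration of why the helper handles the detections in two stages: only three of the fourteen hits are live files, and the eleven others sit inside System Restore snapshots (RP14 to RP16), where deleting them by path is pointless because a later restore could bring them back. The script below is an added example, not part of the thread or of OTL itself: it parses ESET Online Scanner export lines (constructed here from the lines posted above, with the two forum-broken paths re-joined), separates live files from snapshot copies, tallies families and threat kinds, and emits an OTL custom fix in the same layout the helper used. The `Detection` class, the function names and the decision to add `[CLEARALLRESTOREPOINTS]` to the same fix whenever snapshot hits exist (the helper did that as a separate later step) are this example's own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One detection per line, "<path> <verdict>", as ESET Online Scanner exports it.
# Constructed sample: copied from the scan result posted in this thread, with
# the two paths the forum software had split with a stray space re-joined.
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application
C:\Documents and Settings\user\My Documents\Downloads\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
C:\Program Files\ReviverSoft\RegistryReviver\RegistryReviver.exe a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP14\A0002457.msi a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP14\A0002464.msi a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP14\A0002492.msi a variant of Win32/SlowPCfighter application
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0002506.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0002507.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0003849.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0004439.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0004448.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP15\A0004449.exe Win32/SpamTool.Tedroo.AN trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP16\A0004472.exe a variant of Win32/Injector.DUM trojan
C:\System Volume Information\_restore{7AACA685-2732-43EB-9A82-74CB1E1E3803}\RP16\A0004546.exe Win32/SpamTool.Tedroo.AN trojan
"""

# The path ends at the first "<dot><extension><space>"; the rest is the verdict.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.\w+) (?P<verdict>.+)$")
# ESET names the family as "<platform>/<name>" and ends with the threat kind.
VERDICT_RE = re.compile(r"(?P<family>\S+/\S+) (?P<kind>\w+)$")
# System Restore keeps snapshot copies under _restore{GUID}\RPnn\.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\"
)


@dataclass(frozen=True)
class Detection:          # hypothetical helper type for this example
    path: str
    family: str           # e.g. "Win32/Injector.DUM"
    kind: str             # "trojan", or "application" for a potentially unwanted app
    restore_point: Optional[str]  # "RP15" when the copy lives in a restore snapshot


def parse_eset_log(text: str) -> list:
    """Turn ESET export lines into Detection records; reject anything unparseable."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        v = VERDICT_RE.search(m["verdict"]) if m else None
        if not m or not v:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        rp = RESTORE_RE.match(m["path"])
        found.append(Detection(m["path"], v["family"], v["kind"], rp["rp"] if rp else None))
    return found


def triage(detections: list) -> dict:
    """Split live files from snapshot copies and summarise what was found."""
    live = [d for d in detections if d.restore_point is None]
    snapshot = [d for d in detections if d.restore_point is not None]
    return {
        "live": live,
        "snapshot": snapshot,
        "restore_points": sorted({d.restore_point for d in snapshot}),
        "kinds": Counter(d.kind for d in detections),
        "families": Counter(d.family for d in detections),
    }


def build_otl_fix(detections: list) -> str:
    """OTL custom-fix text in the layout used in this thread: live files under
    :Files, and [CLEARALLRESTOREPOINTS] whenever any hit sits in a snapshot, so
    no stale restore point can reintroduce it (snapshot paths are not listed)."""
    t = triage(detections)
    lines = [":OTL", ":Files", *[d.path for d in t["live"]],
             ":Commands", "[purity]", "[emptytemp]", "[emptyflash]"]
    if t["snapshot"]:
        lines.append("[CLEARALLRESTOREPOINTS]")
    lines.append("[Reboot]")
    return "\n".join(lines)


if __name__ == "__main__":
    report = triage(parse_eset_log(ESET_LOG))
    print(f"live files: {len(report['live'])}, snapshot copies: {len(report['snapshot'])} "
          f"in {', '.join(report['restore_points'])}")
    print("kinds:", dict(report["kinds"]))
    print(build_otl_fix(parse_eset_log(ESET_LOG)))
```

Running it on the sample prints three live files, eleven snapshot copies across RP14, RP15 and RP16, eight trojan verdicts against six application verdicts, and a fix script that names only the three live paths. The trojan-only-in-snapshots pattern is also the reason for the password-change advice further down: the SpamTool and Injector samples were on the live system at the time those restore points were taken, even though nothing is left of them outside the snapshots now.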
=====================================================================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current (including Service Pack 3 installation!)
4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): Safe Browsing Tool | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.
6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): PSI - Consumer - Products. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. Run defrag at your convenience.
11. Read How did I get infected?, with steps so it does not happen again!
12. Please, let me know, how your computer is doing.