Constant Infections

**TheTopPro** · 15-05-2011

Hello Head Securities =]

I am trying to be a good board follower So I ran all of the scans that the Instruction thread told me to.

Before I post them I'd of course like to explain a little of whats going on with my computer.

Basically Its running slow and freezing on programs. So I got myself Malware Bytes and Avast. Now what concerns me is that EVERY time I run a scan with either it constantly finds infections. This makes me think that whatever is causing the infection is obviously not being weeded out.
In addition, My External Hard drive seems to be infected as well, tried scanning it, found infections, problem persists.
(The external HDD infection activates upon connecting (detected by avast immediately) Apparently it takes about 5 of my HDD's root folders, turns them into hidden system folders and replaces them with Shortcuts with the same folder names except the shortcuts lead into my C:\WINDOWS\System32 folder . . . weird huh?)

Anyways here are the logs

#1 MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6559

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/12/2011 4:15:01 AM
mbam-log-2011-05-12 (04-15-01).txt

Scan type: Quick scan
Objects scanned: 190739
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Bad: (Explorer.exe "C:\Documents and Settings\Over 9000\Application Data\smss.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\over 9000\local settings\Temp\uckccyaj.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\over 9000\local settings\Temp\ugqeuixv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\over 9000\local settings\temporary internet files\Content.IE5\OP0RUXMD\e55f333c5c5ac2e7de39504 91b9d6547[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\over 9000\local settings\temporary internet files\Content.IE5\UY4T7LSA\iamfud[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\over 9000\local settings\temporary internet files\Content.IE5\Z5FE29ZJ\5410d82f6f178bffb51a1e9 2a285fcf4[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\over 9000\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\over 9000\local settings\temporary internet files\tmp_6384.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#2 - GMER

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-15 17:03:16
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-00B3A0 rev.01.03A01
Running: fcz7x9t3.exe; Driver: C:\DOCUME~1\OVER90~1\LOCALS~1\Temp\awxiipod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#3 - MBRChecks

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000002fc

Kernel Drivers (total 98):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF749A000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF747B000 fltMgr.sys
0xF7469000 sr.sys
0xF7452000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7425000 NDIS.sys
0xF740A000 Mup.sys
0xF774F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xBAEE3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7697000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBAEC0000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7777000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF777F000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF76B7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7787000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF778F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAF0A000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF779F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF76D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7907000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBAEA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAE98000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7587000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBAD77000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7577000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBAD1B000 \SystemRoot\system32\DRIVERS\update.sys
0xF792B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7567000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A03000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7937000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0xF7557000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF798D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A9E000 \SystemRoot\System32\Drivers\Null.SYS
0xF7991000 \SystemRoot\System32\Drivers\Beep.SYS
0xF781F000 \SystemRoot\System32\drivers\vga.sys
0xBACD5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7995000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7747000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7767000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBAFD8000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBACA2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBAC4A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBAC29000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBAC01000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77AF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xBABDF000 \SystemRoot\System32\drivers\afd.sys
0xF7527000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBABB3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAB44000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBADE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBADD0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7507000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBADB8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBAD63000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBAB04000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF77D7000 \SystemRoot\System32\watchdog.sys
0xBAD17000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xBACED000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA7AC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA4F1000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA2D0000 \??\C:\DOCUME~1\OVER90~1\LOCALS~1\Temp\awxiipod.sy s
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 16):
0 System Idle Process
4 System
376 C:\WINDOWS\system32\smss.exe
432 csrss.exe
456 C:\WINDOWS\system32\winlogon.exe
500 C:\WINDOWS\system32\services.exe
512 C:\WINDOWS\system32\lsass.exe
664 C:\WINDOWS\system32\svchost.exe
712 svchost.exe
796 C:\WINDOWS\system32\svchost.exe
828 svchost.exe
940 svchost.exe
1196 C:\WINDOWS\explorer.exe
968 C:\Program Files\Mozilla Firefox\firefox.exe
1368 C:\Program Files\Mozilla Firefox\plugin-container.exe
1968 C:\Documents and Settings\Over 9000\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-00B3A0, Rev: 01.03A01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

#4 - DDS

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Over 9000 at 17:13:53.50 on Sun 05/15/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1543 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Over 9000\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Adobe Reader Speed Launcher] c:\documents and settings\over 9000\application data\microsoft\services977.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.e xe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.ex e" -launchedbylogin
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] c:\documents and settings\over 9000\application data\microsoft\services977.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup \hpbutt~1.lnk - c:\program files\hp button manager\BM.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {01DF3AE3-2FA2-A163-EAD0-E9F93E0BFCDD} - c:\documents and settings\over 9000\application data\titanbot.exe
uASetup: {01DF3AE3-2FA2-A163-EAD0-E9F93E0BFCDD} - c:\documents and settings\over 9000\application data\titanbot.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\over90~1\applic~1\mozilla\firefox\prof iles\muqds8cm.default\
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys [2011-5-12 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-12 307928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2011-5-12 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-12 42184]
S2 MAudioUSBService;M-Audio USB Installer;c:\program files\m-audio\fast track pro\MAUSBInst.exe [2011-3-5 49152]
S2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-5-12 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-5-12 416112]
S2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-5-1 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilte r.sys [2011-5-1 14336]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2011-5-1 102528]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.s ys [2011-5-1 16168]
.
=============== Created Last 30 ================
.
2011-05-12 21:34:18 642928 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-05-12 08:09:09 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-12 08:08:36 40112 ----a-w- c:\windows\avastSS.scr
2011-05-12 08:08:13 -------- d-----w- c:\program files\AVAST Software
2011-05-12 08:08:13 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVAST Software
2011-05-12 05:15:15 94208 --sh--r- c:\docume~1\over90~1\applic~1\microsoft\services97 7.exe
2011-05-10 21:10:50 -------- d-----w- c:\docume~1\over90~1\applic~1\WinDir
2011-05-08 22:41:04 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Identities
2011-05-07 22:37:15 -------- d-----w- c:\docume~1\over90~1\applic~1\tidysongs15.27F6A35B 76E5883BF9E6FEE514586561E60595CA.1
2011-05-07 22:37:08 -------- d-----w- c:\program files\TidySongs
2011-05-07 21:57:28 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-07 21:57:27 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-07 14:33:52 -------- d-----w- c:\docume~1\over90~1\applic~1\Juce VST Host
2011-05-02 14

03 -------- d-----w- c:\program files\Portal
2011-05-02 05:03:31 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-05-02 05:00:49 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-02 05:00:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-05-02 04:58:49 -------- d-----w- c:\program files\HP
2011-05-02 04:58:20 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
2011-05-02 04:58:20 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-05-02 04:58:20 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-05-02 04:58:18 90112 ----a-w- c:\windows\system32\hpovst08.dll
2011-05-02 04:58:18 581632 ----a-w- c:\windows\system32\hpotscl.dll
2011-05-02 04:58:18 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-05-02 04:58:18 270336 ----a-w- c:\windows\system32\HPZc3212.dll
2011-05-02 04:58:14 135249 ----a-w- c:\windows\system32\hpzlnt10.dll
2011-05-02 04:58:13 344064 ----a-w- c:\windows\system32\hpzcon10.dll
2011-05-02 04:58:13 196608 ----a-w- c:\windows\system32\hpzcoi10.dll
2011-05-02 01:32:45 -------- d-sh--w- c:\documents and settings\over 9000\IETldCache
2011-05-02 00:37:20 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2011-05-02 00:36:39 2240 ----a-w- c:\windows\LENDIG.sys
2011-05-02 00:27:02 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Native Instruments
2011-05-02 00:26:41 -------- d-----w- c:\program files\Native Instruments
2011-05-02 00:09:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-05-02 00:08:32 -------- dc-h--w- c:\windows\ie8
2011-05-02 00:07:40 225280 ----a-w- c:\windows\system32\rewire.dll
2011-05-02 00:07:39 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\OpenCandy
2011-05-02 00:07:38 -------- d-----w- c:\docume~1\over90~1\applic~1\OpenCandy
2011-05-02 00:07:32 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-05-02 00:07:26 -------- d-----w- c:\program files\VstPlugins
2011-05-02 00:07:25 -------- d-----w- c:\program files\Outsim
2011-05-02 00:06:07 -------- d-----w- c:\program files\Image-Line
2011-05-01 23:31:44 -------- d-----w- c:\program files\VideoLAN
2011-05-01 23:30:36 -------- d-----w- c:\program files\Conduit
2011-05-01 23:30:36 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\uTorrentBar
2011-05-01 23:30:36 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Conduit
2011-05-01 23:30:35 -------- d-----w- c:\program files\ConduitEngine
2011-05-01 23:30:35 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\ConduitEngi ne
2011-05-01 23:30:33 -------- d-----w- c:\program files\uTorrentBar
2011-05-01 23:30:33 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Temp
2011-05-01 23:30:26 -------- d-----w- c:\program files\uTorrent
2011-05-01 23:25:04 -------- d-----w- c:\program files\HP Button Manager
2011-05-01 23:24:52 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\ArcSoft
2011-05-01 23:24:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
2011-05-01 23:23:39 245408 ----a-w- c:\windows\system32\unicows.dll
2011-05-01 23:23:38 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2011-05-01 23:23:33 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2011-05-01 23:23:33 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-05-01 23:23:10 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-05-01 23:23:10 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-05-01 23:23:10 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2011-05-01 23:23:10 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-05-01 23:23:03 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-05-01 23:03:27 -------- d-----w- c:\program files\iPod
2011-05-01 23:03:25 -------- d-----w- c:\program files\iTunes
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-05-01 23:01:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-05-01 23:00:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-01 23:00:39 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-01 22:59:50 -------- d-----w- c:\program files\Bonjour
2011-05-01 22

04 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-01 22

04 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-01 22:55:31 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-01 22:54:51 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Apple
2011-05-01 22:53:33 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Apple Computer
2011-05-01 22:52:51 -------- d-----w- c:\docume~1\over90~1\applic~1\Malwarebytes
2011-05-01 22:52:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 22:52:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 22:52:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 22:52:43 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-05-01 22:51:56 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.d ll
2011-05-01 22:51:56 30512 ----a-w- c:\windows\system32\mdimon.dll
2011-05-01 22:49:12 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Microsoft Help
2011-05-01 22:43:17 -------- d-----w- c:\docume~1\over90~1\applic~1\WTablet
2011-05-01 22:43:12 -------- d-----w- c:\docume~1\over90~1\applic~1\WTouch
2011-05-01 22:43:11 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2011-05-01 22:43:07 -------- d-----w- c:\program files\WTouch
2011-05-01 22:43:03 -------- d-----w- c:\program files\TabletPlugins
2011-05-01 22:42:25 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-05-01 22:42:17 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-05-01 22:42:16 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-05-01 22:42:12 506736 ----a-w- c:\windows\system32\Wintab32.dll
2011-05-01 22:42:11 650096 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-05-01 22:42:08 4497704 ------w- c:\windows\system32\Pen_Tablet.exe
2011-05-01 22:42:02 -------- d-----w- c:\program files\Tablet
2011-05-01 22:36:22 91136 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2011-05-01 22:36:22 2382710 ----a-w- c:\windows\system32\madiousb.dll
2011-05-01 22:36:22 18944 ----a-w- c:\windows\system32\mausbasio.dll
2011-05-01 22:36:22 172032 ----a-w- c:\windows\system32\M-AudioFastTrackProControlPanelApplet.cpl
2011-05-01 22:36:22 102528 ----a-w- c:\windows\system32\drivers\mausb.sys
2011-05-01 22:35:55 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\iKernel.dll
2011-05-01 22:35:55 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\ctor.dll
2011-05-01 22:35:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\DotNetInstaller.exe
2011-05-01 22:35:55 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps. dll
2011-05-01 22:35:55 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\iscript.dll
2011-05-01 22:35:55 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\iuser.dll
2011-05-01 22:35:54 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\setup.dll
2011-05-01 22:35:54 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\int el32\iGdi.dll
2011-05-01 22:26:05 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\WMTools Downloaded Files
2011-05-01 22:03:36 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-05-01 22:03:36 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-05-01 21:04:07 -------- d-s---w- c:\documents and settings\over 9000\UserData
2011-05-01 20:13:59 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\AIM
2011-05-01 19:57:11 516096 ------w- c:\windows\system32\ati2sgag.exe
2011-05-01 19:49:27 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Mozilla
2011-05-01 19:48:10 -------- d-----w- c:\docume~1\over90~1\applic~1\uTorrent
2011-05-01 19:43:22 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\regid.1986-12.com.adobe
2011-05-01 19:42:44 911800 ----a-w- c:\windows\system32\amtlib.dll
2011-05-01 19:34:36 -------- d-----w- c:\docume~1\over90~1\locals~1\applic~1\Adobe
2011-05-01 19:27:30 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-05-01 19:26:59 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2011-05-01 19:25:59 7168 -c--a-w- c:\windows\system32\dllcache\f3ahvoas.dll
2011-05-01 19:23:32 -------- d-sh--w- c:\documents and settings\all users.windows\DRM
2011-05-01 19

57 6656 -c--a-w- c:\windows\system32\dllcache\wuauserv.dll
2011-05-01 19:20:37 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-05-01 19:19:51 68608 ----a-w- c:\windows\system32\access.cpl
2011-05-01 15:12:32 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-05-01 15:11:59 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2011-05-01 15:11:57 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-05-01 15:11:55 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-05-01 15:11:50 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-05-01 15:11:08 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-01 15:11:06 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2011-05-01 15:11:06 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-05-01 15:11:05 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-01 15:11:05 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-05-01 15:11:05 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-05-01 15:11:05 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-05-01 15:11:05 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-05-01 15:10:51 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-01 15:10:13 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-05-01 15:10:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-05-01 15:09:35 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-05-01 15:09:35 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-05-01 15:09:35 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-05-01 15:09:35 40704 ----a-w- c:\windows\system32\drivers\es1371mp.sys
2011-05-01 15:09:35 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-05-01 15:09:35 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-05-01 15:09:35 130048 ----a-w- c:\windows\system32\ksproxy.ax
2011-05-01 15:09:31 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2011-05-01 15:09:06 74240 ----a-w- c:\windows\system32\usbui.dll
2011-05-01 15:05:56 -------- d-----r- c:\documents and settings\all users.windows\Documents
2011-05-01 15:05:52 13753 ----a-r- c:\windows\SET8.tmp
2011-05-01 15:05:49 1086058 ----a-r- c:\windows\SET4.tmp
2011-05-01 15:05:48 1042903 ----a-r- c:\windows\SET3.tmp
2011-04-30 01:02:14 -------- d--h--w- C:\$AVG
2011-04-29 23:43:22 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-22 06:12:56 -------- d-----w- c:\program files\Audacity
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 17:14:18.37 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/1/2011 3:27:46 PM
System Uptime: 5/15/2011 1:24:20 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 147.178 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A26103C&REV_11\3&61A AA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A26103C&REV_11\3&61A AA01&0&A0
Service:
.
==== System Restore Points ===================
.
RP1: 5/1/2011 3:30:48 PM - System Checkpoint
RP2: 5/1/2011 3:47:42 PM - Removed Adobe Community Help
RP3: 5/1/2011 6:36:21 PM - Installed Fast Track Pro
RP4: 5/1/2011 6:48:51 PM - Installed Microsoft Office Enterprise 2007
RP5: 5/1/2011 6:51:55 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP6: 5/1/2011 6:55:27 PM - Installed iTunes
RP7: 5/1/2011 6:59:27 PM - Removed Apple Application Support
RP8: 5/1/2011 7:00:47 PM - Removed Apple Mobile Device Support
RP9: 5/1/2011 7:02:08 PM - Installed iTunes
RP10: 5/1/2011 7:23:28 PM - Installed Magic-i Visual Effects
RP11: 5/1/2011 7:24:19 PM - Installed HP Webcam User's Guide
RP12: 5/1/2011 7:24:29 PM - Installed WebCam Companion
RP13: 5/1/2011 7:24:55 PM - Installed HP Webcam Software Suite
RP14: 5/1/2011 7:25:03 PM - Installed HP Button Manager
RP15: 5/1/2011 7:25:15 PM - Installed Connect Service
RP16: 5/1/2011 8:09:22 PM - Installed Windows Internet Explorer 8.
RP17: 5/2/2011 9:00:04 AM - IDEAL COMPUTER
RP18: 5/4/2011 10:19:38 AM - System Checkpoint
RP19: 5/5/2011 12:46:45 PM - System Checkpoint
RP20: 5/6/2011 7:30:12 PM - System Checkpoint
RP21: 5/8/2011 12:18:10 PM - System Checkpoint
RP22: 5/10/2011 2:52:17 AM - System Checkpoint
RP23: 5/10/2011 5:11:46 PM - Restore Operation
RP24: 5/12/2011 12:25:01 PM - System Checkpoint
RP25: 5/13/2011 7:29:03 PM - System Checkpoint
RP26: 5/15/2011 11:29:04 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
AiO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
ASIO4ALL
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Bamboo
Bonjour
Conduit Engine
Fast Track Pro
FL Studio 9
Hardcore
HP Button Manager
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Webcam User's Guide
IL Download Manager
iTunes
Lennar Digital Sylenth VSTi v1.2.1
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0.1 (x86 en-US)
Native Instruments Absynth 4
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
PDF Settings CS5
PoiZone
QFolder
QuickTime
reFX Nexus VSTi RTAS v2.2.0
rgcAudio z3ta Plus v1.40
Sawer
Scan
TidySongs
Toxic Biohazard
uTorrentBar Toolbar
VLC media player 1.1.4
WebFldrs XP
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Internet Explorer 8
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 11:31:50 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/9/2011 11:31:45 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/9/2011 11:31:43 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/9/2011 11:31:34 AM, error: Service Control Manager [7034] - The WTouch Service service terminated unexpectedly. It has done this 1 time(s).
5/9/2011 11:31:32 AM, error: Service Control Manager [7034] - The CamMonitor service terminated unexpectedly. It has done this 1 time(s).
5/9/2011 11:31:29 AM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).
5/8/2011 3:32:04 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b59cdc4d, parameter3 b363b994, parameter4 00000000.
5/15/2011 12:37:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/15/2011 12:08:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor
5/12/2011 8:06:31 PM, error: Service Control Manager [7034] - The Wacom Consumer Touch Service service terminated unexpectedly. It has done this 1 time(s).
5/12/2011 4:08:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/12/2011 3:25:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/11/2011 4:04:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/10/2011 8:07:15 AM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
5/10/2011 4:11:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor
5/10/2011 4:10:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/10/2011 1:42:44 AM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 0015F249D9AB has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

**broni** · 16-05-2011

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================== ================================

First of all, please, disconnect your external drive an do NOT connect it back until I tell you, it's safe to do so.

Secondly, don't wrap logs in quotes, nor use a different font.

Now....

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: 7-Zip
After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

================================================== ===============

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**TheTopPro** · 16-05-2011

Thank you for answering so soon Sir =]

I have completed the first step - Bookit Remover.
Waiting to post logs until all procedures have been completed.

I had a question regarding ComboFix.

I had to run it in Safe Mode because it wouldn't normally start.
In safe mode, I checked command prompt and no AVAST services were running.

After double clicking Combofix.exe on my desktop, it ran. and gave me a warning saying -
"You have an active real time protection running
-Avast
Disable it and click OK"
I double clicked on my Avast desktop shortcut, checked to see that all the protection was disabled (It already was, I'm in safe mode for christs sake)
Anyways, after checking that it was OFF and disabled. I clicked OK and a warning popped up saying.
"Your real time protection is still on, keep in mind that proceeding will be at your own risk"

At this point I got kinda worried, because this program constantly made my internal CPU beep at every popup, and to me - computer beeping is serious business and should not be ****ed around with.

Should I uninstall Avast if it's acting this way?

In addition, every time I boot my computer normally, AVAST seems to catch the following processes
File: C:\Documents and Settings\Over 9000\...\tmp_9201.exe
Origin:
Opened by: C:\Documents and Settings\Over 9000\...\services977.exe

It gets about 5 of those I have to choose "CANCEL OPENING" on every one.
They always have the same letters in the names but different numbers.
(Naturally I always try to hunt detected files down but even following the full address of the files and searching for them - I cannot find them on my computer)

And of course, thank you Very much for helping me, I appreciate it.

**broni** · 16-05-2011

You're very welcome

Running Combofix from safe mode is fine, if it doesn't want to run from normal mode.
Leave Avast alone.

All I need now, is to see those logs.

**TheTopPro** · 16-05-2011

Bootkit Remover
(c) 2009 eSage Lab
eSage Lab - Digital security research and consulting - Main

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

So its okay to go on with the Combo Fix scan even if it tells me that my anti-virus is still on?
Does running in safe mode disable anti-virus programs?
Your instructions told me I should have them off, I turn them off to my best knowledge but ComboFix says I still haven't. . . Thats why I'm worried.

**broni** · 16-05-2011

Run Combofix from safe mode and disregard any Combofix warnings.

**TheTopPro** · 17-05-2011

Yes sir.

ComboFix 11-05-16.02 - Over 9000 05/16/2011 18:59:40.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1730 [GMT -4:00]
Running from: c:\documents and settings\Over 9000\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Over 9000\Application Data\Microsoft\services977.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_1118.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_1321.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_2178.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_2987.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_5933.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_6004.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_6148.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_6505.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_6639.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_6770.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_7434.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_7649.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_7966.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_8567.exe
c:\documents and settings\Over 9000\Local Settings\Temporary Internet Files\tmp_8755.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-12 21:34 . 2010-10-21 13:38 642928 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-05-12 08:09 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-12 08:09 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-12 08:09 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-12 08:09 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-12 08:09 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-12 08:09 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-12 08:09 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-12 08:09 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-12 08:08 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-12 08:08 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-12 08:08 . 2011-05-12 08:08 -------- d-----w- c:\program files\AVAST Software
2011-05-07 22:37 . 2011-05-07 22:37 -------- d-----w- c:\program files\TidySongs
2011-05-07 21:57 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-07 21:57 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-02 14:21 . 2011-05-02 14:21 -------- d-----w- c:\program files\Portal
2011-05-02 05:03 . 2011-05-02 05:03 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-05-02 05:00 . 2004-08-04 02:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-02 05:00 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-05-02 04:58 . 2011-05-02 04:58 -------- d-----w- c:\program files\HP
2011-05-02 04:58 . 2004-06-22 15:05 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys
2011-05-02 04:58 . 2004-06-22 15:05 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-05-02 04:58 . 2004-06-22 15:05 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-05-02 04:58 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2011-05-02 04:58 . 2004-06-22 15:05 581632 ----a-w- c:\windows\system32\hpotscl.dll
2011-05-02 04:58 . 2004-06-22 15:05 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-05-02 04:58 . 2004-06-22 15:04 270336 ----a-w- c:\windows\system32\HPZc3212.dll
2011-05-02 04:58 . 2004-06-22 15:05 135249 ----a-w- c:\windows\system32\hpzlnt10.dll
2011-05-02 04:58 . 2004-06-22 15:05 196608 ----a-w- c:\windows\system32\hpzcoi10.dll
2011-05-02 04:58 . 2004-06-22 15:05 344064 ----a-w- c:\windows\system32\hpzcon10.dll
2011-05-02 00:37 . 2009-10-25 01:15 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2011-05-02 00:36 . 2006-09-14 05:21 2240 ----a-w- c:\windows\LENDIG.sys
2011-05-02 00:26 . 2011-05-02 00:39 -------- d-----w- c:\program files\Native Instruments
2011-05-02 00:09 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-05-02 00:08 . 2011-05-02 00:09 -------- dc-h--w- c:\windows\ie8
2011-05-02 00:07 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-05-02 00:07 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-05-02 00:07 . 2011-05-02 01:34 -------- d-----w- c:\program files\VstPlugins
2011-05-02 00:07 . 2011-05-02 00:07 -------- d-----w- c:\program files\Outsim
2011-05-02 00:06 . 2011-05-02 00:07 -------- d-----w- c:\program files\Image-Line
2011-05-01 23:31 . 2011-05-01 23:31 -------- d-----w- c:\program files\VideoLAN
2011-05-01 23:30 . 2011-05-01 23:30 -------- d-----w- c:\program files\Conduit
2011-05-01 23:30 . 2011-05-02 12:55 -------- d-----w- c:\program files\uTorrent
2011-05-01 23:25 . 2011-05-01 23:25 -------- d-----w- c:\program files\HP Button Manager
2011-05-01 23:23 . 2005-04-27 20:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-05-01 23:23 . 1995-07-31 17:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2011-05-01 23:23 . 2008-04-26 01:06 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2011-05-01 23:23 . 2008-04-25 09:06 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-05-01 23:23 . 2011-05-01 23:23 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-05-01 23:23 . 2011-05-01 23:24 -------- d-----w- c:\program files\ArcSoft
2011-05-01 23:03 . 2011-05-01 23:03 -------- d-----w- c:\program files\iPod
2011-05-01 23:03 . 2011-05-01 23:04 -------- d-----w- c:\program files\iTunes
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-05-01 23:01 . 2011-05-01 23:01 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-05-01 23:01 . 2011-05-01 23:01 -------- d-----w- c:\program files\QuickTime
2011-05-01 23:00 . 2011-02-18 20:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-01 23:00 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-01 22:59 . 2011-05-01 22:59 -------- d-----w- c:\program files\Bonjour
2011-05-01 22:56 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-01 22:56 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-01 22:54 . 2011-05-01 22:54 -------- d-----w- c:\program files\Apple Software Update
2011-05-01 22:54 . 2011-05-01 23:03 -------- d-----w- c:\program files\Common Files\Apple
2011-05-01 22:52 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 22:52 . 2011-05-12 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 22:52 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 22:51 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.d ll
2011-05-01 22:51 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2011-05-01 22:51 . 2011-05-01 22:51 -------- d-----w- c:\program files\Microsoft Works
2011-05-01 22:43 . 2009-11-24 00:53 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2011-05-01 22:43 . 2011-05-12 21:34 -------- d-----w- c:\program files\WTouch
2011-05-01 22:42 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-05-01 22:42 . 2010-10-05 17:26 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-05-01 22:42 . 2009-08-27 23:06 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-05-01 22:42 . 2010-10-21 13:38 506736 ----a-w- c:\windows\system32\Wintab32.dll
2011-05-01 22:42 . 2010-10-21 13:38 650096 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-05-01 22:42 . 2009-11-24 00:53 4497704 ------w- c:\windows\system32\Pen_Tablet.exe
2011-05-01 22:42 . 2011-05-12 21:34 -------- d-----w- c:\program files\Tablet
2011-05-01 22:36 . 2005-12-13 15:55 2382710 ----a-w- c:\windows\system32\madiousb.dll
2011-05-01 22:36 . 2005-12-13 15:40 18944 ----a-w- c:\windows\system32\mausbasio.dll
2011-05-01 22:36 . 2005-12-13 15:39 102528 ----a-w- c:\windows\system32\drivers\mausb.sys
2011-05-01 22:36 . 2005-12-13 15:39 172032 ----a-w- c:\windows\system32\M-AudioFastTrackProControlPanelApplet.cpl
2011-05-01 22:36 . 2005-12-13 14:39 91136 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2011-05-01 22:35 . 2011-05-01 23:23 -------- d-----w- c:\program files\Common Files\InstallShield
2011-05-01 22:03 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-05-01 22:03 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-05-01 19:57 . 2005-08-14 01:05 516096 ------w- c:\windows\system32\ati2sgag.exe
2011-05-01 19:42 . 2010-04-30 19:28 911800 ----a-w- c:\windows\system32\amtlib.dll
2011-05-01 19:39 . 2011-05-01 19:39 -------- d-----w- c:\program files\Adobe Media Player
2011-05-01 19:30 . 2011-05-16 03:54 -------- d-----w- c:\documents and settings\Over 9000
2011-05-01 19:29 . 2011-05-01 19:29 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-05-01 19:28 . 2011-05-01 19:28 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-05-01 19:26 . 2004-08-04 12:00 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2011-05-01 19:25 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\f3ahvoas.dll
2011-05-01 19:21 . 2004-08-04 12:00 6656 -c--a-w- c:\windows\system32\dllcache\wuauserv.dll
2011-05-01 19:20 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-05-01 19:19 . 2004-08-04 12:00 68608 ----a-w- c:\windows\system32\access.cpl
2011-05-01 15:12 . 2004-08-03 22:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-05-01 15:11 . 2004-08-03 22:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2011-05-01 15:11 . 2004-08-03 23:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-05-01 15:11 . 2004-08-03 23:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-05-01 15:11 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2011-05-01 15:11 . 2004-08-03 23:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-01 15:11 . 2004-08-04 00:56 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2011-05-01 15:11 . 2004-08-04 00:56 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-05-01 15:11 . 2004-08-04 00:56 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-05-01 15:11 . 2004-08-04 00:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-05-01 15:11 . 2004-08-04 00:56 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-05-01 15:11 . 2004-08-04 00:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-05-01 15:11 . 2004-08-03 23:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-01 15:10 . 2004-08-03 23:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-01 15:10 . 2004-08-03 22:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-05-01 15:10 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-05-01 15:09 . 2004-08-04 03:15 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-05-01 15:09 . 2004-08-04 03:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-05-01 15:09 . 2004-08-04 03:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-05-01 15:09 . 2004-08-04 03:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-05-01 15:09 . 2004-08-04 00:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2011-05-01 15:09 . 2004-08-04 00:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-05-01 15:09 . 2001-08-17 12:19 40704 ----a-w- c:\windows\system32\drivers\es1371mp.sys
2011-05-01 15:09 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-14 16:26 . 2011-05-01 22:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" [2010-02-22 406992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP Button Manager\BM.exe [2011-5-1 266240]
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys [5/12/2011 4:09 AM 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2011 4:09 AM 307928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [5/12/2011 4:09 AM 19544]
S2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [3/5/2011 7:28 PM 49152]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [5/12/2011 5:33 PM 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [5/12/2011 5:34 PM 416112]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [5/1/2011 7:23 PM 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilte r.sys [5/1/2011 7:23 PM 14336]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [5/1/2011 6:36 PM 102528]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.s ys [5/1/2011 6:42 PM 16168]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-VLAD-65BEF05E72-Over 9000.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.e xe [2011-05-01 07:44]
.
2011-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Over 9000\Application Data\Mozilla\Firefox\Profiles\muqds8cm.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-{01DF3AE3-2FA2-A163-EAD0-E9F93E0BFCDD} - c:\documents and settings\Over 9000\Application Data\titanbot.exe
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-16 19:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-16 19:03:57
ComboFix-quarantined-files.txt 2011-05-16 23:03
.
Pre-Run: 158,452,482,048 bytes free
Post-Run: 163,791,335,424 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 579C534088092405F1D6E2246D6B8A79

**broni** · 17-05-2011

It looks good now.

How is computer doing?

Feel free to reinstall Avast now, if you uninstalled it.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

**TheTopPro** · 17-05-2011

It's already running faster and better. Here is the first log. OTL.txt

OTL logfile created on: 5/17/2011 12:17:43 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Over 9000\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 152.55 Gb Free Space | 51.18% Space Free | Partition Type: NTFS
Drive D: | 404.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VLAD-65BEF05E72 | User Name: Over 9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 00:14:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Over 9000\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/10/21 09:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/21 09:38:32 | 002,953,584 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/21 09:38:32 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/10/21 09:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files\HP Button Manager\BM.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/17 00:14:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Over 9000\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2004/08/04 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/21 09:38:32 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/10/21 09:38:32 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)

========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/05 13:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/08/27 19:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/04/25 05:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2005/12/13 11:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 08:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-1715567821-839522115-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avas t.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/12 04:08:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 19:01:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/01 15:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Over 9000\Application Data\Mozilla\Extensions
[2011/05/01 19:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Over 9000\Application Data\Mozilla\Firefox\Profiles\muqds8cm.default\ext ensions
[2011/05/01 19:30:32 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Over 9000\Application Data\Mozilla\Firefox\Profiles\muqds8cm.default\ext ensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/01 19:30:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Over 9000\Application Data\Mozilla\Firefox\Profiles\muqds8cm.default\ext ensions\engine@conduit.com
[2011/05/01 18:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/12 04:08:42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/16 19:02:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Button Manager.lnk = C:\Program Files\HP Button Manager\BM.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1715567821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/12 19:00:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/11/25 10:05:10 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 00:14:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Over 9000\Desktop\OTL.exe
[2011/05/16 19:03:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/16 18:58:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/16 18:54:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/16 18:54:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/16 18:54:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/16 18:54:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/16 18:53:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/16 01:38:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 01:15:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Over 9000\Desktop\remover.exe
[2011/05/15 23:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
[2011/05/15 23:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2011/05/15 08

13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\vlc
[2011/05/12 17:34:18 | 000,642,928 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Touch_Tablet.dll
[2011/05/12 17:34:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Bamboo
[2011/05/12 15:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\My Documents\WebCam Media
[2011/05/12 04:09:17 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/12 04:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2011/05/12 04:09:16 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/12 04:09:11 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/12 04:09:10 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/12 04:09:09 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/12 04:09:07 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/12 04:09:07 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/12 04:09:02 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/12 04:08:36 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/12 04:08:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/12 04:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/12 04:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/05/10 17:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\WinDir
[2011/05/08 18:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Identities
[2011/05/07 18:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E 60595CA.1
[2011/05/07 18:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\TidySongs
[2011/05/07 10:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Juce VST Host
[2011/05/07 10:22:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Administrative Tools
[2011/05/02 10

03 | 000,000,000 | ---D | C] -- C:\Program Files\Portal
[2011/05/02 01:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/05/02 00:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/05/01 21:32:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Over 9000\IETldCache
[2011/05/01 20:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Native Instruments FM8
[2011/05/01 20:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\rgcaudio software
[2011/05/01 20:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Native Instruments Massive
[2011/05/01 20:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\reFX
[2011/05/01 20:37:20 | 001,332,224 | ---- | C] (AD © 2009) -- C:\WINDOWS\System32\SYNSOEMU.DLL
[2011/05/01 20:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Lennar Digital Sylenth VSTi v1.2.1
[2011/05/01 20:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Native Instruments
[2011/05/01 20:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Native Instruments
[2011/05/01 20:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\My Documents\Native Instruments
[2011/05/01 20:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/05/01 20:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\ASIO4ALL v2
[2011/05/01 20:09:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/01 20:08:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/01 20:08:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/01 20:07:40 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2011/05/01 20:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\OpenCandy
[2011/05/01 20:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\OpenCandy
[2011/05/01 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\My Documents\Image-Line
[2011/05/01 20:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Image-Line
[2011/05/01 20:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011/05/01 20:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Image-Line
[2011/05/01 20:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/05/01 20:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011/05/01 19:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/05/01 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/01 19:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\uTorrentBar
[2011/05/01 19:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/05/01 19:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Conduit
[2011/05/01 19:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/01 19:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\ConduitEngine
[2011/05/01 19:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/05/01 19:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Temp
[2011/05/01 19:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/01 19:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP Button Manager
[2011/05/01 19:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\InstallShield
[2011/05/01 19:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\ArcSoft
[2011/05/01 19:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ArcSoft WebCam Companion 3
[2011/05/01 19:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ArcSoft Connect
[2011/05/01 19:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\ArcSoft
[2011/05/01 19:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ArcSoft
[2011/05/01 19:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
[2011/05/01 19:23:38 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2011/05/01 19:23:33 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\ArcSoftKsUFilter.dll
[2011/05/01 19:23:33 | 000,014,336 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\drivers\ArcSoftKsUFilter.sys
[2011/05/01 19:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2011/05/01 19:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2011/05/01 19:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2011/05/01 19:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/01 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/01 19:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
[2011/05/01 19:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/01 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/01 18

14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Apple Computer
[2011/05/01 18:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/01 18:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2011/05/01 18:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Apple
[2011/05/01 18:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/01 18:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/01 18:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2011/05/01 18:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Apple Computer
[2011/05/01 18:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Malwarebytes
[2011/05/01 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/01 18:52:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/01 18:52:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/01 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/01 18:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/05/01 18:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\WinRAR
[2011/05/01 18:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2011/05/01 18:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/05/01 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/05/01 18:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/01 18:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Microsoft Help
[2011/05/01 18:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/01 18:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2011/05/01 18:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\WTablet
[2011/05/01 18:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\WTouch
[2011/05/01 18:43:11 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Touch_Tablet.dll
[2011/05/01 18:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2011/05/01 18:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2011/05/01 18:42:25 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2011/05/01 18:42:17 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2011/05/01 18:42:16 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2011/05/01 18:42:12 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2011/05/01 18:42:11 | 000,650,096 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
[2011/05/01 18:42:08 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
[2011/05/01 18:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/05/01 18:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/01 18:36:22 | 002,382,710 | ---- | C] (Digidesign) -- C:\WINDOWS\System32\madiousb.dll
[2011/05/01 18:36:22 | 000,172,032 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\System32\M-AudioFastTrackProControlPanelApplet.cpl
[2011/05/01 18:36:22 | 000,102,528 | ---- | C] (Midiman/M-Audio) -- C:\WINDOWS\System32\drivers\mausb.sys
[2011/05/01 18:36:22 | 000,091,136 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[2011/05/01 18:36:22 | 000,018,944 | ---- | C] (Midiman/M-Audio) -- C:\WINDOWS\System32\mausbasio.dll
[2011/05/01 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\M-Audio
[2011/05/01 18:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/01 18:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\WMTools Downloaded Files
[2011/05/01 18:26:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\My Documents\My Videos
[2011/05/01 18:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
[2011/05/01 18:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\WinRAR
[2011/05/01 17:04:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Over 9000\UserData
[2011/05/01 16:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\acccore
[2011/05/01 16:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\AIM
[2011/05/01 16:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\My Documents\Documents
[2011/05/01 15

11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\My Documents\Downloads
[2011/05/01 15:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Mozilla
[2011/05/01 15:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Mozilla
[2011/05/01 15:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\uTorrent
[2011/05/01 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2011/05/01 15:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/05/01 15:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe
[2011/05/01 15:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Macromedia
[2011/05/01 15:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2011/05/01 15:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Adobe
[2011/05/01 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Adobe
[2011/05/01 15:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Application Data\Identities
[2011/05/01 15:30:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\My Documents\My Pictures
[2011/05/01 15:30:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\My Documents\My Music
[2011/05/01 15:30:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Over 9000\Application Data\Microsoft
[2011/05/01 15:30:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Over 9000\SendTo
[2011/05/01 15:30:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Over 9000\Recent
[2011/05/01 15:30:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Over 9000\Application Data
[2011/05/01 15:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Startup
[2011/05/01 15:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\Start Menu
[2011/05/01 15:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\My Documents
[2011/05/01 15:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\Favorites
[2011/05/01 15:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Accessories
[2011/05/01 15:30:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Over 9000\Cookies
[2011/05/01 15:30:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Over 9000\Templates
[2011/05/01 15:30:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Over 9000\PrintHood
[2011/05/01 15:30:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Over 9000\NetHood
[2011/05/01 15:30:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Over 9000\Local Settings
[2011/05/01 15:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\Microsoft
[2011/05/01 15:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Over 9000\Desktop
[2011/05/01 15:27:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/01 15:27:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/01 15:27:09 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/05/01 15:25:44 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/01 15:23:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM
[2011/05/01 15

35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2011/05/01 15

16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
[2011/05/01 15:20:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
[2011/05/01 15:20:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2011/05/01 15:19:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2011/05/01 15:17:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
[2011/05/01 11:05:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/05/01 11:05:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
[2011/05/01 11:05:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents
[2011/05/01 11:05:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates
[2011/05/01 11:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
[2011/05/01 11:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
[2011/05/01 11:05:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2011/05/01 11:05:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2011/04/29 21:02:14 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/04/29 19:43:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/27 15:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/26 16:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/26 16:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/22 02:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 00:14:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Over 9000\Desktop\OTL.exe
[2011/05/17 00:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 19:02:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/16 18:58:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/16 18:53:48 | 004,349,551 | R--- | M] () -- C:\Documents and Settings\Over 9000\Desktop\ComboFix.exe
[2011/05/16 01:30:59 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\rkill.com
[2011/05/16 01:13:43 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\bootkit_remover.rar
[2011/05/15 08

02 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 08:39:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 15:24:28 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\PenTouchTabletUserDefaults.xml
[2011/05/12 15:24:28 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2011/05/12 04:09:17 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/05/12 04:09:08 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/12 04:03:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/12 01:09:57 | 003,505,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 16:08:32 | 003,525,401 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Feeling of a King.mp3
[2011/05/11 16:08:22 | 004,406,037 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Under the Fun.mp3
[2011/05/11 16:08:08 | 004,590,159 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Seismic Shift.mp3
[2011/05/11 16:07:56 | 005,723,350 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Element.mp3
[2011/05/10 18:12:14 | 004,754,215 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Inner Contemplations.mp3
[2011/05/10 18:06:26 | 003,799,364 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\The Core.mp3
[2011/05/10 18:04:30 | 003,492,167 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Lucid Dream.mp3
[2011/05/10 18:01:30 | 003,724,965 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Amoral.mp3
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 08:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/10 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VLAD-65BEF05E72-Over 9000.job
[2011/05/06 11:47:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Microsoft Office Word 2007.lnk
[2011/05/02 14:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/02 01:03:48 | 000,103,509 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2011/05/01 21:32:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/01 20:07:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FL Studio 9.lnk
[2011/05/01 19:32:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/05/01 19:30:27 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/01 19:30:27 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\µTorrent.lnk
[2011/05/01 19:26:36 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Microsoft Office Excel 2007.lnk
[2011/05/01 19:25:04 | 000,001,351 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Button Manager.lnk
[2011/05/01 19:24:49 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\WebCam Companion 3.lnk
[2011/05/01 19:23:42 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Magic-i Visual Effects 2.lnk
[2011/05/01 19:04:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/05/01 18:52:46 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 18:51:57 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/05/01 18:39:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/01 18:39:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/05/01 15:49:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/01 15:41:27 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Adobe Photoshop CS5.lnk
[2011/05/01 15:30:51 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 15:30:51 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 15:30:40 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\Internet Explorer.lnk
[2011/05/01 15:30:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/01 15:28:55 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/01 15:27:53 | 000,004,326 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 15:27:53 | 000,000,606 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/01 15:24:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/01 15:24:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/01 15:24:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/01 15:24:31 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/01 15

14 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/01 15:16:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 18:58:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/16 18:58:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/16 18:54:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/16 18:54:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/16 18:54:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/16 18:54:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/16 18:54:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/16 01:30:59 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\rkill.com
[2011/05/16 01:17:01 | 004,349,551 | R--- | C] () -- C:\Documents and Settings\Over 9000\Desktop\ComboFix.exe
[2011/05/16 01:13:42 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\bootkit_remover.rar
[2011/05/12 17:33:24 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\PenTouchTabletUserDefaults.xml
[2011/05/12 04:09:17 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/05/12 04:03:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 15:51:35 | 005,723,350 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Element.mp3
[2011/05/11 14:00:17 | 004,590,159 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Seismic Shift.mp3
[2011/05/10 18:06:35 | 004,406,037 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Under the Fun.mp3
[2011/05/10 18:04:50 | 003,799,364 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\The Core.mp3
[2011/05/10 18:03:59 | 003,492,167 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Lucid Dream.mp3
[2011/05/10 18:02:32 | 004,754,215 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Inner Contemplations.mp3
[2011/05/10 18:01:38 | 003,525,401 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Feeling of a King.mp3
[2011/05/10 18:00:33 | 003,724,965 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Amoral.mp3
[2011/05/07 18:37:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TidySongs.lnk
[2011/05/02 00:58:22 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/05/02 00:58:22 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/05/01 20:36:39 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2011/05/01 20:07:39 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FL Studio 9.lnk
[2011/05/01 19:34:34 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VLAD-65BEF05E72-Over 9000.job
[2011/05/01 19:32:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/05/01 19:30:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Internet Explorer.lnk
[2011/05/01 19:30:27 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/01 19:30:27 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\µTorrent.lnk
[2011/05/01 19:28:54 | 005,296,128 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\audacity.exe
[2011/05/01 19:26:09 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Adobe Photoshop CS5.lnk
[2011/05/01 19:25:04 | 000,001,351 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Button Manager.lnk
[2011/05/01 19:24:49 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\WebCam Companion 3.lnk
[2011/05/01 19:23:42 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Magic-i Visual Effects 2.lnk
[2011/05/01 19:04:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/05/01 18:54:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/01 18:54:50 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2011/05/01 18:52:46 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 18:51:57 | 000,002,551 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/05/01 18:51:57 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Microsoft Office Word 2007.lnk
[2011/05/01 18:51:57 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\Over 9000\Desktop\Microsoft Office Excel 2007.lnk
[2011/05/01 18:42:01 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2011/05/01 18:39:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/01 18:39:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 18:39:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/05/01 16:45:26 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Over 9000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 15:57:11 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/05/01 15:49:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/01 15:30:40 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/01 15:30:32 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/01 15:30:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Internet Explorer.lnk
[2011/05/01 15:30:27 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Remote Assistance.lnk
[2011/05/01 15:30:27 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Over 9000\Start Menu\Programs\Windows Media Player.lnk
[2011/05/01 15:28:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/01 15:27:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 15:27:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/01 15:26:42 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/01 15:26:35 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/01 15:26:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/01 15:26:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/01 15:26:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/01 15:26:05 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/01 15:26:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/05/01 15:25:48 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/01 15:24:54 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/01 15:24:44 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/01 15:24:44 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/01 15:24:43 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/01 15:23:03 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/01 15:22:48 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/05/01 15:22:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/05/01 15:22:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/05/01 15:22:06 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/05/01 15

47 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/05/01 15

15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/01 15:20:23 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/05/01 15:20:23 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/05/01 15:20:23 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/05/01 15:20:23 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/05/01 15:20:23 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/05/01 15:20:23 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/05/01 15:20:23 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/05/01 15:20:23 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/05/01 15:20:23 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/05/01 15:20:22 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/05/01 15:20:22 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/05/01 15:20:19 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/05/01 15:20:19 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/05/01 15:20:18 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/05/01 15:20:11 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/05/01 11:06:28 | 000,004,326 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 11:06:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/01 11:06:06 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/05/01 11:05:55 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/05/01 11:05:55 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/01 11:05:55 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/01 11:05:55 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/05/01 11:05:55 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/05/01 11:05:55 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/01 11:05:55 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/05/01 11:05:55 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/05/01 11:05:55 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/05/01 11:05:55 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/05/01 11:05:55 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/01 11:05:55 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/05/01 11:05:55 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/05/01 11:05:55 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/01 11:05:55 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/01 11:05:55 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/05/01 11:05:55 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/05/01 11:05:54 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/05/01 11:05:54 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/05/01 11:05:01 | 003,505,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 11:03:47 | 000,000,606 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2005/07/19 08:25:16 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/12 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/04/29 20:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/29 20:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/29 20:42:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/13 00:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/04/24 23:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2011/04/29 20:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/24 22:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/01/12 23:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/12 04:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/05/15 23:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2011/05/01 19:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2011/05/15 23:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
[2011/05/01 18

03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/01 16:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\acccore
[2011/05/07 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\Juce VST Host
[2011/05/01 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\OpenCandy
[2011/05/07 18:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E 60595CA.1
[2011/05/10 17:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\uTorrent
[2011/05/10 17:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\WinDir
[2011/05/01 18:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Over 9000\Application Data\WTouch
[2011/01/12 20

15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\acccore
[2011/04/29 20:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\AVG10
[2011/04/24 23:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\BabylonToolbar
[2011/02/21 23:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\OnLive App
[2011/01/12 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\Psicraft
[2011/02/15 12:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\Red Alert 3
[2011/04/29 17:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\uTorrent
[2011/01/12 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\WinBatch
[2011/01/12 21:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vlad\Application Data\WTouch

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/01/13 00:05:41 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2011/01/12 19:00:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/01 19:25:04 | 000,000,175 | ---- | M] () -- C:\BMSetup.log
[2011/05/01 15:16:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/16 18:58:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/05/16 19:03:57 | 000,020,053 | ---- | M] () -- C:\ComboFix.txt
[2011/01/12 19:00:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/12 19:00:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/12 20:24:28 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
[2011/01/12 19:00:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/05/17 00:08:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/02/27 19:47:49 | 000,037,420 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_27.02.2011_18.46.28_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/05/01 15:24:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.d ll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/05/01 11:03:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/05/01 11:03:53 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/05/01 11:03:52 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/05/01 15:25:02 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/01 15:30:40 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/05/01 15:30:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Over 9000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2006/11/13 00:47:00 | 005,296,128 | ---- | M] () -- C:\Documents and Settings\Over 9000\Desktop\audacity.exe
[2011/05/16 18:53:48 | 004,349,551 | R--- | M] () -- C:\Documents and Settings\Over 9000\Desktop\ComboFix.exe
[2011/05/17 00:14:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Over 9000\Desktop\OTL.exe
[2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Over 9000\Desktop\remover.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/01 15:30:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Over 9000\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/05/17 00:08:45 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Over 9000\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/04 08:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

**TheTopPro** · 17-05-2011

Second Report

Extras.txt

OTL Extras logfile created on: 5/17/2011 12:17:43 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Over 9000\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 152.55 Gb Free Space | 51.18% Space Free | Partition Type: NTFS
Drive D: | 404.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VLAD-65BEF05E72 | User Name: Over 9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-343818398-1715567821-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A5B672C-66B6-43C4-8265-9B1D49462EA0}" = ArcSoft WebCam Companion 3
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7777EACC-A4EA-68AC-6669-C33522B1125B}" = TidySongs
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CF2371B6-8422-49DB-908B-14B67C074667}" = ArcSoft Magic-i Visual Effects 2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485 DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Lennar Digital Sylenth VSTi v1.2.1" = Lennar Digital Sylenth VSTi v1.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Pen Tablet Driver" = Bamboo
"PoiZone" = PoiZone
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"Sawer" = Sawer
"tidysongs15.27F6A35B76E5883BF9E6FEE514586561E6059 5CA.1" = TidySongs
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.4
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2011 3:24:19 AM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 4:17:30 AM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 4:17:58 AM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 10:33:15 AM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 1:22:26 PM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 2:01:17 PM | Computer Name = VLAD-65BEF05E72 | Source = Application Hang | ID = 1002
Description = Hanging application PDapp.exe, version 1.0.175.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2011 3:25:29 PM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 3:39:55 PM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/12/2011 5:09:31 PM | Computer Name = VLAD-65BEF05E72 | Source = TabletServicePen | ID = 0
Description =

Error - 5/15/2011 10:09:39 AM | Computer Name = VLAD-65BEF05E72 | Source = Application Hang | ID = 1002
Description = Hanging application FL.dll, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/16/2011 1:38:13 AM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/16/2011 1:38:13 AM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/16/2011 1:38:13 AM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/16/2011 1:38:13 AM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/16/2011 1:38:13 AM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/16/2011 1:38:13 AM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss
Tcpip

Error - 5/16/2011 1:42:26 AM | Computer Name = VLAD-65BEF05E72 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2011 6:52:58 PM | Computer Name = VLAD-65BEF05E72 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2011 6:54:16 PM | Computer Name = VLAD-65BEF05E72 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips Processor

Error - 5/16/2011 7:50:16 PM | Computer Name = VLAD-65BEF05E72 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

Constant Infections

Constant Infections

Similar Threads

Multiple Infections? : [

USB - Infections

CPU 100% constant!!!

Constant Pop-ups

Constant pop-ups and viruses