[egehring93]

Google keeps redirecting me to search sites such as Searchclick 9 whenever I click on anything. Please help!!

Here's my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:26:44 PM, on 6/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O1 - Hosts: 89.149.210.60 www.google.com
O1 - Hosts: 89.149.210.60 www.google.de
O1 - Hosts: 89.149.210.60 www.google.fr
O1 - Hosts: 89.149.210.60 www.google.co.uk
O1 - Hosts: 89.149.210.60 www.google.com.br
O1 - Hosts: 89.149.210.60 www.google.co.jp
O1 - Hosts: 89.149.210.60 www.google.com.mx
O1 - Hosts: 89.149.210.60 www.google.gr
O1 - Hosts: 89.149.210.60 www.google.se
O1 - Hosts: 89.149.210.60 www.google.it
O1 - Hosts: 89.149.210.60 www.google.dk
O1 - Hosts: 89.149.210.60 www.google.ie
O1 - Hosts: 89.149.210.60 www.google.fi
O1 - Hosts: 89.149.210.60 www.google.ca
O1 - Hosts: 89.149.210.60 www.google.com.au
O1 - Hosts: 89.149.210.60 www.google.co.za
O1 - Hosts: 89.149.210.60 www.google.be
O1 - Hosts: 89.149.210.60 www.google.at
O1 - Hosts: 89.149.210.60 www.google.no
O1 - Hosts: 89.149.210.60 www.google.ch
O1 - Hosts: 89.149.210.60 www.google.pt
O1 - Hosts: 89.149.210.60 search.yahoo.com
O1 - Hosts: 89.149.210.60 us.search.yahoo.com
O1 - Hosts: 89.149.210.60 uk.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\s3efad32.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200966140671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9827 bytes


Thanks for your help!!

[Advertisements]

Hi there we no longer use Hijackthis as it does not look deep enough

I will do a quick and dirty fix first and then look deeper

Download OTL to your Desktop

Double click OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

THEN

• Double click OTL. Make sure all other windows are closed and to let it run uninterrupted.
• Check the box that says Scan All Users
• Under the Custom Scan box paste this in
  
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

FINALLY

GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)
  
  Click the image to enlarge it

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[Essexboy]

Hi there we no longer use Hijackthis as it does not look deep enough

I will do a quick and dirty fix first and then look deeper

Download OTL to your Desktop

Double click OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

THEN

• Double click OTL. Make sure all other windows are closed and to let it run uninterrupted.
• Check the box that says Scan All Users
• Under the Custom Scan box paste this in
  
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

FINALLY

GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)
  
  Click the image to enlarge it

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[egehring93]

Thanks for your quick reply, Essexboy!

OTL.txt:

OTL logfile created on: 6/25/2010 4:22:01 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\dan\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 41.50 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNY
Current User Name: dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/25 16:13:10 | 000,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2010/06/25 16:05:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dan\My Documents\Downloads\OTL.exe
PRC - [2010/06/25 15:01:46 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2010/06/25 14:56:14 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/25 14:56:07 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/09/25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/24 09:33:07 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/02/18 13:55:28 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2002/08/06 17:41:08 | 000,151,552 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
PRC - [2002/04/03 04:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 16:05:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dan\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/25 14:56:07 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/05 21:04:29 | 000,072,704 | ---- | M] (Intuit) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe -- (Intuit Fuse Service)


========== Driver Services (SafeList) ==========

DRV - [2010/06/25 14:57:00 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/21 09:26:07 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2002/07/15 02:41:12 | 000,051,712 | ---- | M] (Microsoft® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSWUSB51.sys -- (MSW_USB)
DRV - [2002/06/23 17:31:20 | 000,045,568 | R--- | M] (D-Link Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DLKRTS.SYS -- (DLKRTS)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999/12/17 04:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1482476501-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-823518204-1482476501-725345543-1004\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-823518204-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-823518204-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 10:09:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 10:09:33 | 000,000,000 | ---D | M]

[2009/01/17 18:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Extensions
[2010/06/24 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\1p14tq9w.dan\extensions
[2009/09/06 11:39:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\1p14tq9w.dan\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 16:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\1p14tq9w.dan\extensions\[email protected]
[2008/03/17 18:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\1p14tq9w.dan\extensions\[email protected]
[2005/10/03 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\ir538thk.default\extensions
[2005/10/03 14:51:40 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\ir538thk.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/24 19:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:22:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/12/09 11:25:56 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/12/09 11:25:57 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/12/09 11:26:57 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/12/09 11:27:08 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/12/09 11:25:55 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/01/21 14:58:42 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2008/11/15 14:44:45 | 000,514,664 | ---- | M] (WholeSecurity,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPXPEE.dll
[2008/04/25 14:32:20 | 005,817,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/06/25 16:06:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-823518204-1482476501-725345543-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-21-823518204-1482476501-725345543-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-823518204-1482476501-725345543-1004..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-823518204-1482476501-725345543-1004..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-823518204-1482476501-725345543-1004..\Run: [ttool] C:\WINDOWS\s3efad32.exe File not found
O4 - HKU\S-1-5-21-823518204-1482476501-725345543-1004..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{06B2B442-19FE-4398-BD4B-F5C00928DD8E}\_18be6784.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1482476501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1200966140671 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/13 19:50:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b1f40536-05a2-11de-81fe-0011952a9279}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/02/13 19:50:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/25 16:06:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/25 15:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/25 14:59:04 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/25 14:58:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/25 14:47:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/25 14:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/25 14:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/25 13:48:39 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/25 13:48:38 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/25 13:48:37 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/25 13:48:36 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/25 13:48:33 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/25 13:48:33 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/25 13:48:33 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 13:48:17 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/25 13:48:17 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/06/25 13:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/25 13:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/04 17:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/04 17:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/04 17:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/04 17:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/04 17:30:30 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/06/04 17:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2005/05/23 18:05:30 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/06/25 16:15:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/25 16:14:58 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\dan\NTUSER.DAT
[2010/06/25 16:13:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/25 16:12:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/25 16:12:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 16:12:25 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2010/06/25 16:12:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/25 16:12:07 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/25 16:11:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\dan\ntuser.ini
[2010/06/25 16:06:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/25 15:55:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/25 15:25:52 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\HiJackThis.lnk
[2010/06/25 14:58:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/25 14:58:42 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/25 14:57:00 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/25 14:47:47 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/25 14:47:47 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/25 13:49:25 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/25 13:49:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/25 13:48:39 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/25 13:48:34 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/21 09:26:07 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2010/06/20 08:03:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/06/12 18:22:38 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/12 18:22:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/04 17:47:28 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dad's.lnk
[2010/06/04 17:35:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/04 17:29:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/04 17:29:47 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/01 13:31:14 | 000,010,108 | ---- | M] () -- C:\Documents and Settings\dan\My Documents\ELSIE INSURANCE.PDF
[2010/05/31 19:50:22 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\PERFORMANCE_SELF_EVALUATION_-_MASTER.xls
[2010/05/31 19:43:12 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\PERFORMANCE_SELF_EVALUATION_-_MASTER checklist.xls
[2010/05/31 10:37:30 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\dan\My Documents\BURNHAM 2010.doc

========== Files Created - No Company Name ==========

[2010/06/25 15:25:22 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\HiJackThis.lnk
[2010/06/25 15:18:31 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/25 15:09:37 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/25 14:47:47 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/25 14:47:47 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/25 13:49:25 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/25 13:49:24 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/25 13:48:39 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/04 17:39:17 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dad's.lnk
[2010/06/04 17:35:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/04 17:29:47 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/04 17:29:47 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/01 13:31:13 | 000,010,108 | ---- | C] () -- C:\Documents and Settings\dan\My Documents\ELSIE INSURANCE.PDF
[2010/05/31 19:43:12 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\PERFORMANCE_SELF_EVALUATION_-_MASTER checklist.xls
[2010/05/31 19:42:49 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\PERFORMANCE_SELF_EVALUATION_-_MASTER.xls
[2010/05/31 10:37:30 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\dan\My Documents\BURNHAM 2010.doc
[2008/11/15 14:45:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/09/27 22:36:56 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ProTSKSCH06.INI
[2007/09/27 22:28:36 | 000,002,600 | ---- | C] () -- C:\WINDOWS\Prowin06.ini
[2007/02/05 22:34:37 | 000,002,729 | ---- | C] () -- C:\WINDOWS\Baswin06.ini
[2006/09/25 21:00:06 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ProTSKSCH05.INI
[2006/09/25 20:56:13 | 000,002,612 | ---- | C] () -- C:\WINDOWS\Prowin05.ini
[2006/04/10 12:17:36 | 000,005,810 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/08 20:12:36 | 000,000,051 | ---- | C] () -- C:\WINDOWS\rocksoft.ini
[2006/02/15 08:24:21 | 000,002,361 | ---- | C] () -- C:\WINDOWS\Baswin04.ini
[2006/02/14 22:34:45 | 000,002,699 | ---- | C] () -- C:\WINDOWS\Baswin05.ini
[2006/02/14 22:33:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\SelecPrd.INI
[2005/10/06 17:58:20 | 000,010,776 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/10/06 15:20:34 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/10/05 21:08:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ProTSKSCH04.INI
[2005/10/05 21:04:21 | 000,002,702 | ---- | C] () -- C:\WINDOWS\Prowin04.ini
[2005/05/23 18:06:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/05/23 18:05:31 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2005/05/23 18:05:31 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2005/05/23 18:05:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/05/23 18:05:28 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2005/05/23 18:05:28 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2005/05/23 18:05:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2005/05/23 18:04:38 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/05/15 20:57:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/23 21:06:12 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/25 16:12:05 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log
[2005/02/13 19:50:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/23 20:29:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/02/13 19:50:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/28 18:18:44 | 000,281,472 | ---- | M] () -- C:\crav2125.08i
[2005/05/15 21:00:27 | 000,000,136 | ---- | M] () -- C:\debugInstaller.txt
[2007/12/22 16:12:22 | 000,327,204 | ---- | M] () -- C:\gehr6300.06i
[2009/06/29 20:43:10 | 000,368,735 | ---- | M] () -- C:\gehr6300.08i
[2010/06/25 16:12:07 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
[2006/02/15 08:11:57 | 000,065,642 | ---- | M] () -- C:\hpfr3840.log
[2005/02/13 19:50:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/10/04 09:25:02 | 000,000,207 | -H-- | M] () -- C:\IPH.PH
[2009/04/12 21:53:45 | 000,376,988 | ---- | M] () -- C:\kind1766.08i
[2007/12/23 22:40:16 | 000,337,417 | ---- | M] () -- C:\lati3823.06i
[2008/12/23 21:33:58 | 000,374,069 | ---- | M] () -- C:\lati3823.07i
[2005/02/13 19:50:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/08/27 18:46:41 | 000,000,942 | ---- | M] () -- C:\net_save.dna
[2008/01/23 20:22:54 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/01/23 20:22:54 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/25 16:12:05 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2005/09/29 14:51:50 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2008/12/03 20:46:30 | 000,325,667 | ---- | M] () -- C:\tars9425.07i

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2 C:\WINDOWS\system32\Spool\prtprocs\w32x86\*.tmp files -> C:\WINDOWS\system32\Spool\prtprocs\w32x86\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/02/13 11:41:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/02/13 11:41:07 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/02/13 11:41:07 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 03:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >

Extras.txt:

OTL Extras logfile created on: 6/25/2010 4:22:01 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\dan\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 41.50 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNY
Current User Name: dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5191:TCP" = 5191:TCP:*:Enabled:The Browser Highlighter XCOM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\tbh\base\bin\tbhDaemon.exe" = C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon -- ()
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe" = C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06B2B442-19FE-4398-BD4B-F5C00928DD8E}" = Microsoft Broadband Networking
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{222285C2-037F-4AF9-83B3-B33A7288EC9D}" = Disney Mix It Plug-in
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A8E36DD-061D-4877-9736-30E7266A4669}" = ProSeries Basic User's Guide 2007
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5658CE44-2822-45C9-A5C0-F93AB4682BBF}" = Document eSort Components
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{935299DA-7E5D-4870-B317-E362857958E8}" = 2004 ProSeries User's Guide
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C2AAD60-878D-11D7-9E5C-00D0B76A8705}" = NOMAD Jukebox Zen NX
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BD78DE74-95DB-429D-A66F-6306BCEDA640}" = Arena 10.0 (CPR 7)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9052439-99E8-4A4C-9C81-49776DDFA969}" = EntlClnt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"avast5" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Creative Jukebox Driver" = Creative Jukebox Driver
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"LimeWire" = LimeWire 4.16.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSN Music Assistant" = MSN Music Assistant
"NVIDIA Display Driver" = NVIDIA Display Driver
"ProSeries 2004" = ProSeries 2004
"ProSeries 2005" = ProSeries 2005
"ProSeries 2006" = ProSeries 2006
"ProSeries 2007" = ProSeries 2007
"ProSeries Basic Edition 2004" = ProSeries Basic Edition 2004
"ProSeries Basic Edition 2005" = ProSeries Basic Edition 2005
"ProSeries Basic Edition 2006" = ProSeries Basic Edition 2006
"ProSeries Basic Edition 2007" = ProSeries Basic Edition 2007
"ProSeries Basic Edition 2008" = ProSeries Basic Edition 2008
"ProSeries Basic Edition 2009" = ProSeries Basic Edition 2009
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Snood_is1" = Snood for Windows version 3.52-W
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1482476501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE" = Confidence Online™ for Web Applications
"VideoEgg" = VideoEgg Publisher
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2010 5:59:39 PM | Computer Name = DANNY | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/4/2010 5:59:39 PM | Computer Name = DANNY | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/4/2010 5:59:39 PM | Computer Name = DANNY | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/4/2010 5:59:39 PM | Computer Name = DANNY | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/4/2010 5:59:39 PM | Computer Name = DANNY | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/12/2010 6:13:50 PM | Computer Name = DANNY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 6:13:58 PM | Computer Name = DANNY | Source = Application Hang | ID = 1001
Description = Fault bucket 1765894641.

Error - 6/12/2010 6:20:35 PM | Computer Name = DANNY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2010 6:20:38 PM | Computer Name = DANNY | Source = Application Hang | ID = 1001
Description = Fault bucket 1765894641.

Error - 6/25/2010 2:48:38 PM | Computer Name = DANNY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 1/5/2010 8:37:26 AM | Computer Name = DANNY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/5/2010 8:37:26 AM | Computer Name = DANNY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2/20/2010 4:58:35 PM | Computer Name = DANNY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/20/2010 4:58:35 PM | Computer Name = DANNY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/20/2010 5:13:35 PM | Computer Name = DANNY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/20/2010 5:13:35 PM | Computer Name = DANNY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2010 8:32:37 PM | Computer Name = DANNY | Source = Print | ID = 54
Description = Document Standard Client Letter was corrupted and has been deleted.
The associated driver is: HP LaserJet 2100 PCL6.

Error - 6/21/2010 9:32:58 AM | Computer Name = DANNY | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'RSA RSA SecurID ® Authenticator 0' rejected IOCTL
EJECT: The request is not supported.

Error - 6/21/2010 9:35:34 AM | Computer Name = DANNY | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'RSA RSA SecurID ® Authenticator 0' rejected IOCTL
EJECT: The request is not supported.

Error - 6/25/2010 1:44:44 PM | Computer Name = DANNY | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >

ark.txt:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 17:11:15
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\dan\LOCALS~1\Temp\fxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5140C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5140B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF51410EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5141014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF514070C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5140C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF514064C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF51406B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5140D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF51411B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5140CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5140E70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF514DAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF514D8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF514DA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27A4 4 Bytes JMP B3F51410
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP F514AEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP F514D8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581EFE 7 Bytes JMP F514DACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 1 Byte [E9]
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP F5149536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A40FA 7 Bytes JMP F514DA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74AE380]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6817340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2592] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

[Essexboy]

OK one bit down and now the main culprit - on completion of this can you let me know if you are still being re-directed

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O4 - HKU\S-1-5-21-823518204-1482476501-725345543-1004..\Run: [ttool] C:\WINDOWS\s3efad32.exe File not found
  
  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download TDSSKiller and save it to your Desktop.

• Extract the file and run it.
• Once completed it will create a log in your C:\ drive
• Reboot your computer
• Please post the contents of that log

[egehring93]

Ok, thanks again, I'm fixing a friend's computer and won't be able to get back until tomorrow.

[Essexboy]

No problem I am off to bed now

[egehring93]

Essexboy, thank you SO much, TDSSKiller did it!! It was "atapi.sys" that was causing the problem, and it got rid of it. Thanks for all of your help!!!!!

[Essexboy]

Glad to hear that

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS] 
  [Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.