Virus disabling programs


#1
Anomalous

    Member
  • 63 posts
OTL logfile created on: 9/9/2010 3:38:07 PM - Run 2
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\suprturbocharged\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 348.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 4.73 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.91 Gb Total Space | 1.23 Gb Free Space | 64.55% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERCOMPUTER20
Current User Name: suprturbocharged
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
MOD - [2006/02/28 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/02/28 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/05/03 11:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/03/06 20:36:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/07 15:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/05/21 09:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/05/03 11:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-77-0-LZPx\n"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA79}:1.0.21
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {301eab2b-b40b-0e35-5666-6c34de73ecf2}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/04 21:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 01:06:36 | 000,000,000 | ---D | M]

[2010/03/06 19:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Extensions
[2010/08/31 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions
[2010/04/05 21:14:09 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2010/05/18 17:30:28 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/05 21:14:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/05/18 16:57:10 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\searchplugins\bing-ff.xml
[2010/08/31 22:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/05 21:14:24 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{301eab2b-b40b-0e35-5666-6c34de73ecf2}

O1 HOSTS File: ([2010/09/09 14:16:21 | 000,419,161 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14466 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1677128483-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/02 15:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 13:03:59 | 000,000,277 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/12/07 11:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/09 14:00:15 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\suprturbocharged\Desktop\spybotsd162.exe
[2010/09/08 23:08:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 23:08:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 22:52:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/08 22:37:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
[2010/09/04 21:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/09/04 20:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/01 21:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/01 21:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\{6D11EF0B-9642-4E05-92E0-27F2F1682C9C}
[2010/09/01 21:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/09 15:13:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/09 14:16:21 | 000,419,161 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/09 14:16:20 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\ntuser.dat
[2010/09/09 14:01:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/09 14:01:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spybot - Search & Destroy.lnk
[2010/09/09 13:59:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/09 13:59:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/09 02:29:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\suprturbocharged\ntuser.ini
[2010/09/09 02:29:39 | 003,184,744 | -H-- | M] () -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\IconCache.db
[2010/09/09 01:11:47 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/09 01:11:47 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/09/09 01:11:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/08 22:53:13 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/08 22:29:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/04 21:57:41 | 000,153,600 | ---- | M] () -- C:\WINDOWS\bootcenteraudit.exe
[2010/09/04 19:56:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/02 20:45:12 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1677128483-1801674531-1004UA.job
[2010/09/02 10:45:05 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1677128483-1801674531-1004Core.job
[2010/09/01 21:45:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bmefowu.bin
[2010/08/19 22:45:33 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Google Chrome.lnk
[2010/08/19 22:45:33 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 21:58:15 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 13:23:59 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Network Connections.lnk
[2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
[2010/07/08 10:55:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\suprturbocharged\Desktop\spybotsd162.exe
[2010/07/07 09:13:15 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/06/28 15:05:30 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\My Documents\spider.sav
[2010/06/28 14:35:29 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spider Solitaire.lnk
[2010/06/26 11:55:07 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Minesweeper.lnk
[2010/06/25 18:08:00 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Solitaire.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/09 14:01:17 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/09 14:01:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spybot - Search & Destroy.lnk
[2010/09/08 23:15:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\gmer.exe
[2010/09/08 22:53:12 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/04 21:57:41 | 000,153,600 | ---- | C] () -- C:\WINDOWS\bootcenteraudit.exe
[2010/09/02 21:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/02 21:01:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/01 21:45:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmefowu.bin
[2010/08/20 11:03:53 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\ntuser.dat
[2010/07/21 13:23:59 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Network Connections.lnk
[2010/07/07 09:13:14 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/07/07 09:13:14 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/06/28 17:48:18 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spider Solitaire.lnk
[2010/06/28 15:05:30 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\My Documents\spider.sav
[2010/06/27 17:31:34 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Solitaire.lnk
[2010/06/27 17:31:23 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Minesweeper.lnk
[2006/02/28 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

========== LOP Check ==========

[2010/03/06 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/05 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/09/08 22:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\DAEMON Tools Lite
[2010/09/04 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6
[2010/04/13 23:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Facebook
[2010/03/10 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Red Kawa
[2010/03/11 12:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\SlimBrowser
[2010/09/08 22:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\uTorrent
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/09/04 19:56:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/10 11:54:02 | 1462,243,328 | ---- | M] () -- C:\2010-03-10 0958.ISO
[2010/03/10 11:54:02 | 000,004,328 | ---- | M] () -- C:\2010-03-10 0958.MDS
[2009/08/02 15:04:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/09 01:11:47 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2009/08/02 15:04:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/02 15:04:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/02 15:04:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/28 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/09 13:59:13 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2010/09/08 22:33:12 | 000,000,406 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/08/02 07:48:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/02 07:48:38 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/02 07:48:38 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-24 11:00:21
< End of report >

Edited by Anomalous, 09 September 2010 - 02:54 PM.



#2
MariaCristina

    Visiting Staff
  • 277 posts
Hello, Anomalous

Welcome to Geeks to Go! :)

My name is Maria Cristina and I will be helping you. I will be back as soon as possible, as each reply must be approved by a resident expert before I can be allowed to post it to you.
  • Please be patient. Do not try to fix your malware issues by yourself. You should only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyze and fix your PC in the long run.
  • Do not ask for help in other forums. Trying to follow more than one procedure at the same time can cause a lot of issues.
  • POST your logs, do not attach them, as it makes it harder to read.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.
  • I suggest you subscribe to this thread by clicking My Settings at the top of this page.

    You should click Notification Options and check the option Watch every topic I reply to - If enabled, choose default notification type:, then set your desired notification type.

Your computer is infected and I can try to help you remove the malware, but I see that the free disk space is well below the recommended amount, and the Master File Table may become corrupted at any time, which will prevent your system from functioning.

To remove the malware we will need to run some tools that will occupy temporary disk space, and in doing so the chance of corrupting your system will be enormous.

Back up your files and folders, such as photos, videos and music, and delete them. Be sure to leave at least 10 GB of free space, so we can continue.

TFC - Temp File Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more

Download TFC, by Oldtimer and save it into your desktop.

Close ALL programs and run TFC.
Click the Start button and wait. Your desktop will disappear, do not worry, this is part of the process.

Be patient; depending on the amount of data to be deleted, the process may take more than 2 minutes.

When finished, you will be prompted to restart your computer. RESTART.

After doing this, please follow the steps in our Malware and Spyware Cleaning Guide and paste the required logs in your next reply.

Note:
This time when you run OTL, the main screen will look slightly different. Please notice that under the Extras section it will be marked as None. Change it to Use Safe List and then proceed with the remaining instructions to generate the log.

Edit: tags in conflict

:)

Edited by MariaCristina, 11 September 2010 - 11:54 PM.

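The disk-space check Maria Cristina makes by reading the OTL header, as an added example that is not part of this thread or of OTL itself: it parses OTL's drive lines and its `[date | size | attrs | M] (Company) -- path` file entries, reports how far C: falls short of the 10 GB she asks for, and lists the largest files. The 1024 Mb-to-Gb factor and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: header and file-entry lines in OTL's own format, copied from
# the two logs posted in this thread (Run 2 before cleanup, Run 3 after TFC).
RUN2_HEADER = """\
Drive C: | 149.04 Gb Total Space | 4.73 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive F: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.91 Gb Total Space | 1.23 Gb Free Space | 64.55% Space Free | Partition Type: FAT
"""
RUN3_HEADER = """\
Drive C: | 149.04 Gb Total Space | 19.06 Gb Free Space | 12.79% Space Free | Partition Type: NTFS
"""
ENTRIES = r"""[2010/03/10 11:54:02 | 1462,243,328 | ---- | M] () -- C:\2010-03-10 0958.ISO
[2010/09/09 13:59:13 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2010/09/08 22:33:12 | 000,000,406 | ---- | M] () -- C:\rkill.log
[2010/09/11 11:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
"""

DRIVE_RE = re.compile(
    r"^Drive (?P<letter>[A-Z]): \| (?P<total>[\d.]+) (?P<tunit>Gb|Mb) Total Space"
    r" \| (?P<free>[\d.]+) (?P<funit>Gb|Mb) Free Space"
    r" \| (?P<pct>[\d.]+)% Space Free \| Partition Type: (?P<fs>\S+)$"
)
# Directory entries carry no "(Company)" field, hence the optional group.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Drive:
    letter: str
    total_gb: float
    free_gb: float
    pct_free: float
    fs: str


@dataclass
class Entry:
    stamp: str
    size_bytes: int
    attrs: str
    company: Optional[str]  # None for directory entries
    path: str


def _to_gb(value: float, unit: str) -> float:
    # Assumption: OTL's "Mb" and "Gb" differ by a factor of 1024.
    return value / 1024.0 if unit == "Mb" else value


def parse_drives(text: str) -> List[Drive]:
    """Return one Drive per 'Drive X: | ...' header line; absent-media lines are skipped."""
    drives = []
    for line in text.splitlines():
        m = DRIVE_RE.match(line.strip())
        if m:
            drives.append(Drive(m["letter"],
                                _to_gb(float(m["total"]), m["tunit"]),
                                _to_gb(float(m["free"]), m["funit"]),
                                float(m["pct"]), m["fs"]))
    return drives


def free_space_shortfall_gb(text: str, letter: str = "C", min_free_gb: float = 10.0) -> float:
    """GB that must be freed on `letter` to reach min_free_gb (0.0 if already there).
    Raises KeyError when the drive is missing from the header."""
    by_letter = {d.letter: d for d in parse_drives(text)}
    return round(max(0.0, min_free_gb - by_letter[letter].free_gb), 2)


def parse_entries(text: str) -> List[Entry]:
    """Parse OTL file/folder entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Sizes are comma-grouped with leading zeros ("000,000,406") and the
            # first group may exceed three digits ("1462,243,328"): drop the commas.
            entries.append(Entry(m["stamp"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def largest_entries(text: str, n: int = 3) -> List[Entry]:
    """The n biggest files in an entry listing, largest first."""
    return sorted(parse_entries(text), key=lambda e: e.size_bytes, reverse=True)[:n]


if __name__ == "__main__":
    for name, header in (("Run 2", RUN2_HEADER), ("Run 3", RUN3_HEADER)):
        print(f"{name}: free C: to reach 10 GB = {free_space_shortfall_gb(header)} GB")
    for e in largest_entries(ENTRIES, 2):
        print(f"{e.size_bytes:>12} bytes  {e.path}")
```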

#3
Anomalous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hello and thank you for responding; here are my logs. (Malwarebytes found no infections; I posted an older log that found some.)


OTL logfile created on: 9/12/2010 3:45:33 PM - Run 3
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\suprturbocharged\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 19.06 Gb Free Space | 12.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 1.91 Gb Total Space | 1.23 Gb Free Space | 64.53% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERCOMPUTER20
Current User Name: suprturbocharged
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
PRC - [2006/12/11 12:20:18 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\U3\00001675C6731C97\LaunchPad.exe
PRC - [2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
MOD - [2006/02/28 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/02/28 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/05/03 11:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/06 20:36:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/07 15:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/05/21 09:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/05/03 11:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-77-0-LZPx\n"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA79}:1.0.21
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {301eab2b-b40b-0e35-5666-6c34de73ecf2}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/04 21:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 01:06:36 | 000,000,000 | ---D | M]

[2010/03/06 19:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Extensions
[2010/08/31 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions
[2010/04/05 21:14:09 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2010/05/18 17:30:28 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/05 21:14:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/05/18 16:57:10 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\searchplugins\bing-ff.xml
[2010/08/31 22:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/05 21:14:24 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{301eab2b-b40b-0e35-5666-6c34de73ecf2}

O1 HOSTS File: ([2010/09/09 14:16:21 | 000,419,161 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14466 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/02 15:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 13:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9a7e694b-bbd2-11df-b5f9-0007e97b1044}\Shell - "" = AutoRun
O33 - MountPoints2\{9a7e694b-bbd2-11df-b5f9-0007e97b1044}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a7e694b-bbd2-11df-b5f9-0007e97b1044}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 11:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/12 12:46:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\TFC.exe
[2010/09/11 11:11:32 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/11 11:11:32 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/11 11:11:31 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/11 11:11:29 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/11 11:11:27 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/11 11:11:27 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/11 11:11:26 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/11 11:11:12 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/11 11:11:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/11 11:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/11 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/10 14:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Application Data\U3
[2010/09/09 16:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/09 16:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/09 14:00:15 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\suprturbocharged\Desktop\spybotsd162.exe
[2010/09/08 23:08:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 23:08:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 22:37:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
[2010/09/04 21:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/09/04 20:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/01 21:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/01 21:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\{6D11EF0B-9642-4E05-92E0-27F2F1682C9C}
[2010/09/01 21:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6

========== Files - Modified Within 90 Days ==========

[2010/09/12 15:42:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\TFC.exe
[2010/09/12 15:16:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 15:15:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 15:15:23 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\ntuser.dat
[2010/09/12 15:15:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\suprturbocharged\ntuser.ini
[2010/09/12 15:15:00 | 002,799,040 | -H-- | M] () -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\IconCache.db
[2010/09/12 15:14:09 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/12 15:14:09 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/09/12 15:14:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/12 15:12:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/12 00:51:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/11 22:52:32 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1677128483-1801674531-1004UA.job
[2010/09/11 22:41:46 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/11 22:41:41 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/11 22:41:36 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/11 22:41:31 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/11 22:41:16 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/11 22:41:11 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/11 22:37:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/11 22:34:48 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/11 22:34:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/11 22:34:38 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/11 22:34:33 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/11 22:34:23 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/11 22:08:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/11 11:11:33 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast!.lnk
[2010/09/11 11:11:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/09 15:13:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/09 14:16:21 | 000,419,161 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/09 14:01:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/09 14:01:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spybot - Search & Destroy.lnk
[2010/09/08 22:53:13 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 07:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/02 10:45:05 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1677128483-1801674531-1004Core.job
[2010/09/01 21:45:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bmefowu.bin
[2010/08/19 22:45:33 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Google Chrome.lnk
[2010/08/19 22:45:33 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 21:58:15 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 13:23:59 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Network Connections.lnk
[2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
[2010/07/08 10:55:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\suprturbocharged\Desktop\spybotsd162.exe
[2010/07/07 09:13:15 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/06/28 15:05:30 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\My Documents\spider.sav
[2010/06/28 14:35:29 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spider Solitaire.lnk
[2010/06/26 11:55:07 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Minesweeper.lnk
[2010/06/25 18:08:00 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Solitaire.lnk

========== Files Created - No Company Name ==========

[2010/09/11 11:11:33 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avast!.lnk
[2010/09/09 14:01:17 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/09 14:01:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spybot - Search & Destroy.lnk
[2010/09/08 23:15:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\gmer.exe
[2010/09/08 22:53:12 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/02 21:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/02 21:01:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/01 21:45:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmefowu.bin
[2010/08/20 11:03:53 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\ntuser.dat
[2010/07/21 13:23:59 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Network Connections.lnk
[2010/07/07 09:13:14 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/07/07 09:13:14 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/06/28 17:48:18 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spider Solitaire.lnk
[2010/06/28 15:05:30 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\My Documents\spider.sav
[2010/06/27 17:31:34 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Solitaire.lnk
[2010/06/27 17:31:23 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Minesweeper.lnk
[2006/02/28 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

========== LOP Check ==========

[2010/09/11 11:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/06 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/05 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/09/08 22:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\DAEMON Tools Lite
[2010/09/04 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6
[2010/04/13 23:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Facebook
[2010/03/10 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Red Kawa
[2010/03/11 12:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\SlimBrowser
[2010/09/08 22:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\uTorrent
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/11 22:41:36 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/11 22:34:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/09/11 22:34:33 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/09/11 22:41:41 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/09/11 22:41:16 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/09/11 22:34:48 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/11 22:08:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/09/11 22:41:31 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/09/11 22:41:46 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/09/12 00:51:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/09/11 22:34:23 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/09/11 22:41:11 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/09/11 22:34:38 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/09/11 22:37:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/10 11:54:02 | 1462,243,328 | ---- | M] () -- C:\2010-03-10 0958.ISO
[2010/03/10 11:54:02 | 000,004,328 | ---- | M] () -- C:\2010-03-10 0958.MDS
[2009/08/02 15:04:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/12 15:14:09 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2009/08/02 15:04:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/02 15:04:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/02 15:04:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/28 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/12 15:16:30 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2010/09/09 14:08:32 | 000,000,406 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/08/02 07:48:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/02 07:48:38 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/02 07:48:38 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-24 11:00:21
< End of report >


-----


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4577

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

9/9/2010 1:07:26 AM
mbam-log-2010-09-09 (01-07-26).txt

Scan type: Quick scan
Objects scanned: 140245
Time elapsed: 1 hour(s), 49 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 114
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 30
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ee46f55-1ce1-4db9-811a-68938ec7f3dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a87dfd99-cf81-4241-85ce-881e0026b686} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c96b9fae-a032-4100-bb47-32ef05e28be4} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40ca90f3-4098-4877-ae87-23eb612b18c7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c3b62af-ca25-4fba-8405-32e44f83bb6f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a635a91-c303-45c9-8db9-f759d98a3b9d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e335d04-2e6e-4d0e-a921-c3d9192e7121} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b20d7add-989c-4bc0-a797-f6fe7998efd7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bfc20a15-b0ac-44cc-a25a-a7039014ba9f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f019aec4-4c95-46de-a107-e302473e3b9a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2557dd3f-23a0-477c-bcd8-90fd0aecc4b8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2893116c-a176-42b1-8794-da8c9fc45564} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99fdca0c-7380-4e9c-8d99-5dc4750334ef} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1d9f4b1-b9ff-463f-bf15-ab9cb26160f7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71f731b3-008b-4052-9ea4-4145acce40c3} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8292078f-f6e9-412b-8eb1-360c05c5ece5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2447e305-5e90-42a8-bd1e-0bc333b807e1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50d2fdcc-2707-49cb-8223-7fe0424909aa} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{878ce013-7ba9-4650-a78c-b2234c0c1648} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{76d54105-99eb-4ecb-95b2-a944f50cc566} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c62a9e79-2b52-439b-af57-2e60bb06e86c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{15fd8424-d12a-4c51-8c6c-d5d57b80f781} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{67b3becf-7b6f-42b2-99f0-f7656f89cffa} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715ffd42-4e05-4eab-9513-c8daa5395ae2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{759d6f7c-8d30-45b6-abea-fa51c190eed5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a4a64a4-a2fb-48fa-9bba-1ac50267695d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d1063603-f045-475f-afbc-8cba7d5797fb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70880ce6-308c-4204-a89e-b266c3f7b7fa} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdc73256-a88d-4642-844e-a8f20b76789c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-ozqob_g-afp (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a9501e4-40b7-4b91-b91e-a2c608b3d0ac} (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a9501e4-40b7-4b91-b91e-a2c608b3d0ac} (Adware.LoudMo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790373b1765b5a34af92 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-77-0-LZPx
) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Hotbar\bin\11.0.120.0\CntntCntr.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\CoreSrv.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HostIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\Srv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\Weather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\-ozQob_g-AFp.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ypgrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\2864cf12.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\5023.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\5025.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\5027.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\502C.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\597337437.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\e19ab4de.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\mkcxhunr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\rnexacwmos.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\SHO43.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\smss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\wtpvaae.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\17fd3b4b.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\6fc7ec27.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar_Icons\dealnews.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rEI-d_b---.dll (Adware.LoudMo) -> Quarantined and deleted successfully.



-----



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 16:31:57
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\SUPRTU~1\LOCALS~1\Temp\awacraog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEEAF6CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEEAF6BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEEAF7160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEEAF708A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEEAF6782]
SSDT spuy.sys ZwEnumerateKey [0xF7434DA4]
SSDT spuy.sys ZwEnumerateValueKey [0xF7435132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEEAF6C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEEAF66C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEEAF6726]
SSDT spuy.sys ZwQueryKey [0xF743520A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEEAF6DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEAF722E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEEAF6D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEEAF6EE6]

INT 0x62 ? 82FDCBF8
INT 0x63 ? 82E24D28
INT 0x82 ? 82FDCBF8
INT 0x83 ? 82E24D28
INT 0xA4 ? 82E24D28
INT 0xB4 ? 82E24D28

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEB03BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEEB039D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEEB03B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP EEB00FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP EEB039D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581EFE 7 Bytes JMP EEB03BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP EEAFF5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A40FA 7 Bytes JMP EEB03B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spuy.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F720C62C 5 Bytes JMP 82E24308
.text azq66oa6.SYS F6FC7386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azq66oa6.SYS F6FC73AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azq66oa6.SYS F6FC73C4 3 Bytes [00, 80, 02]
.text azq66oa6.SYS F6FC73C9 1 Byte [30]
.text azq66oa6.SYS F6FC73C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0079000C
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 008F000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1628] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\wuauclt.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\wuauclt.exe[1640] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\wuauclt.exe[1640] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003D000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 82FDB1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 82D05500

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\PCI_PNP3288 \Device\00000042 spuy.sys
Device \Driver\usbuhci \Device\USBPDO-0 82CE5500
Device \Driver\usbuhci \Device\USBPDO-1 82CE5500
Device \Driver\usbuhci \Device\USBPDO-2 82CE5500
Device \Driver\usbehci \Device\USBPDO-3 82CE43F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F711F8
Device \Driver\Cdrom \Device\CdRom0 82CB81F8
Device \Driver\USBSTOR \Device\00000059 82B2B1F8
Device \Driver\atapi \Device\Ide\IdePort0 82FDC1F8
Device \Driver\atapi \Device\Ide\IdePort1 82FDC1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 82FDC1F8
Device \Driver\Cdrom \Device\CdRom1 82CB81F8
Device \Driver\Cdrom \Device\CdRom2 82CB81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82B90500
Device \Driver\NetBT \Device\NetbiosSmb 82B90500
Device \Driver\USBSTOR \Device\0000005a 82B2B1F8
Device \Driver\USBSTOR \Device\0000005b 82B2B1F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 82CE5500
Device \Driver\usbuhci \Device\USBFDO-1 82CE5500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82B6A500
Device \Driver\usbuhci \Device\USBFDO-2 82CE5500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82B6A500
Device \Driver\usbehci \Device\USBFDO-3 82CE43F8
Device \Driver\sptd \Device\3647755788 spuy.sys
Device \Driver\Ftdisk \Device\FtControl 82F711F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{57302538-F887-4678-A13B-69CCCA8DCF3D} 82B90500
Device \Driver\azq66oa6 \Device\Scsi\azq66oa61Port2Path0Target0Lun0 82DC5500
Device \Driver\azq66oa6 \Device\Scsi\azq66oa61 82DC5500
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 82D05500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Cdfs \Cdfs 82B42500

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1072
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3296

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x9B 0x61 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x9D 0x6E 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5D 0x34 0x59 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x9B 0x61 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x9D 0x6E 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5D 0x34 0x59 0x13 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\system@mevio[1].txt 94 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@pubmatic[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@adap[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\default[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\result[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[2].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[3].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[4].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[5].htm 0 bytes

---- EOF - GMER 1.0.15 ----
  • 0

#4
MariaCristina

MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, Anomalous

Did you set any proxy in Internet Explorer?

I noticed you ran the tools in Safe Mode.
You should run the OTL fix in Safe Mode, but after that, you should reboot in normal mode and run Combofix.

STEP 1:

We need to make some changes in the Registry. Before we do that, we need to make a full backup of your Registry.
ERUNT allows you to store a complete backup of your registry and restore if needed. Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions.

  • Download ERUNT (Emergency Recovery Utility NT)
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.

STEP 2:

Select these lines in red below, then right-click on the selection and go to copy:

:OTL
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-77-0-LZPx\n"
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
[2010/05/18 16:57:10 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\searchplugins\bing-ff.xml
[2010/04/05 21:14:09 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2010/04/05 21:14:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
[2010/09/01 21:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\{6D11EF0B-9642-4E05-92E0-27F2F1682C9C}
[2010/09/01 21:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6
[2010/09/01 21:45:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bmefowu.bin

:files
C:\WINDOWS\bootcenteraudit.exe
C:\Windows\Tasks\at*.job
C:\Program Files\Search Toolbar
C:\Program Files\ChameleonTom

:commands
[emptytemp]
[emptyflash]
[purity]


Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click on the file then choose Run as admin option.

Right-click on any blank part under Custom Scans/Fixes then click on Paste

Close ALL open windows except OTL.

Click on Fix button.

The tool will run the script and will ask to reboot your system. Allow it.

When back into Windows, OTL will be automatically run. Allow it, if asked.

A notepad window will be shown, with some data.
Copy ALL (edit > select all > copy) its contents and paste here in a new reply.

This log will be saved in the C:\_OTL\MovedFiles folder, named as date_time.log.

Eg: 03142010_145545.log

STEP 3:

Reboot and load Windows in normal mode.

STEP 4:

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.



Please, paste the required logs in your next reply.

:)
  • 0

#5
Anomalous

Anomalous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
This computer is a mess. I've been loading programs onto it through a flash drive, but now even the mouse is disabled; I can't do anything from here.

I am completely comfortable with reformatting, will this remove my problems?
  • 0

#6
MariaCristina

MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, Anomalous

I am completely comfortable with reformatting, will this remove my problems?


Sure, it will remove the problems and is also the safest solution, if you normally perform financial transactions over the web.

Nevertheless, there are other options we can try in order to help you resolve these issues and leave your machine operating normally, if these problems are not hardware related.
You will need some other non-infected machine for downloading the tools, because we will boot Windows in a special way and will be working outside your Windows installation. You will also need a blank CD and a clean flash drive for transferring the logs between the machines, as you will need to post these logs back here.

The choice is yours. Just let me know your decision.

:)
  • 0

#7
Anomalous

Anomalous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I decided to reformat, I was able to save what information I needed.
  • 0

#8
MariaCristina

MariaCristina

    Visiting Staff

  • Visiting Consultant
  • 277 posts
Hello, Anomalous

Now that you have formatted and have a clean Windows installation, I have included below a number of recommendations regarding maintenance, in order to get your system running fine, and how to protect your computer against malware infections.

Maintenance
When you delete a file or uninstall a program, Windows frees the space it was occupying for new data. When this operation is performed many times, your HD ends up with many empty spaces in the middle of occupied spaces.

In order to save a file, Windows puts it in the first free space it finds. But often the new file does not fit in that first free space. In these cases, Windows writes part of the new file there and looks for another space to save the rest of the file.

Thus, the new file or program is divided into several parts separated from each other: it is "fragmented". Consequence: when you have to open that file or program, Windows has to jump from one place on the hard disk to another to gather the various parts, which makes opening the file slower.

Therefore, from time to time you need a disk defragmenter. Windows has a built-in defragmenter, but I suggest Puran Disc Defragmenter.

Just download it, install it and run it.

TFC - Temp File Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Security

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Malwarebytes' Anti-Malware - In its commercial version it offers realtime protection from spyware and trojan installation attempts and blocks access to known malicious IPs. In its free version, it has no real time protection, but you are allowed to manually update it and run a scan. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    Update Java.
    Old Java versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest Java Runtime Environment (JRE) 6u21 version.
    • Look for "Java Runtime Environment (JRE) 6update21".
    • Click the Download JRE button.
    • Mark the option Accept License Agreement.
    • The page will refresh.
    • Click the link to download Windows Offline Installation, Multi-language jre-6u21-windows-i586.exe and save it to your desktop.
    • Close any open windows and programs (browsers mainly).
    • Go to Control Panel > Add/Remove Programs and uninstall all the old Java versions.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item with the name "Java Runtime Environment (JRE or J2SE)".
    • Click the Remove or Change/Remove button.
    • Repeat as many times as you need to remove each old Java version.
    • When all the old Java versions have been removed, restart your computer.
    • Now, go to your desktop, and run jre-6u21-windows-i586-p.exe to install the latest version.

    Click here to update the Adobe Reader.
    Old versions have vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
  • Criminals constantly exploit flaws in popular programs, in order to redirect such programs to execute some malicious file. Therefore it is imperative to keep ALL your programs always updated, especially the browser's components, such as Java, Flash and Shockwave player, pdf reader, media players' extensions and so on.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls
  • I highly recommend these FireFox add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • USB worms: This kind of malware exploits a built-in Windows feature, called Autoplay (when you plug in or insert some media in your CD drive or USB port, it asks you what you want to do). The Autoplay feature needs a file called autorun.inf to work. There are two procedures you can perform to reduce the risk of having your system infected:

    Disable the Autoplay feature:
    http://go.microsoft....?linkid=9741395

    Keep a clean and protected autorun.inf file on all removable media and system partitions. This way, in case you plug your flash drive into some infected machine, the worm will not be able to overwrite the pre-existing file. But it will still be able to write copies of its other malicious files, such as .exe, .scr, .cmd, .pif. If you plug this flash drive into a clean machine and run one of those malicious files, that system will be infected as well. Be careful!

    For Windows XP:

    Download Flash_Disinfector.exe by sUBs and save it into your desktop.
    • Plug in all your removable USB devices (such as memory sticks from cell phones and cameras, and flash drives). Save what you need, EXCEPT executable files, such as .exe, .pif, .cmd, .bat, .scr, .com, then format the removable devices from the My Computer window: right-click on the desired drive icon and choose the "Format" option.
    • Double-click Flash_Disinfector.exe.
    • Follow the prompts.
    • When its scan is complete, close the tool and unplug the removable devices.

    For Windows Vista and 7:
    http://research.pand...utorun-vaccine/
  • Again: Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.


Thank you for your patience, and performing all of the procedures requested.

:)
  • 0
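As an added example, not part of the thread and not the code of Flash_Disinfector or any tool named above: a PowerShell script that applies the two autorun.inf mitigations the post describes (disable Autoplay, and keep a protected autorun.inf on removable drives) and audits the current state. It assumes an elevated Windows PowerShell session, the real policy value NoDriveTypeAutoRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, and that a protected autorun.inf is implemented as a read-only, hidden, system folder (an assumption about the technique, which the post does not detail).

```powershell
# Added example: defensive handling of autorun.inf on Windows. Requires an
# elevated session for the HKLM write. Standard cmdlets and .NET calls only.

# 1. Disable Autoplay for every drive type. NoDriveTypeAutoRun is a bitmask of
#    drive types excluded from autorun; 0xFF excludes all of them. Returns the
#    value read back from the registry so the caller can verify the change.
function Disable-AutoRun {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    (Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun').NoDriveTypeAutoRun
}

# 2. "Vaccinate" one drive root (e.g. 'G:\'). If autorun.inf is already a
#    *file* on a removable drive, that is exactly what a USB worm drops: report
#    it and leave it untouched so it can be inspected. Otherwise create a
#    read-only, hidden, system folder named autorun.inf; a worm cannot write
#    its own autorun.inf file while a folder of that name occupies the path.
function Protect-AutoRun {
    param([Parameter(Mandatory=$true)][string]$DriveRoot)
    $path = Join-Path $DriveRoot 'autorun.inf'
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Write-Warning "$path is a file; inspect it before vaccinating this drive."
        return $false
    }
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }
    $attrs = [IO.FileAttributes]::ReadOnly -bor `
             [IO.FileAttributes]::Hidden   -bor `
             [IO.FileAttributes]::System
    [IO.File]::SetAttributes($path, $attrs)   # works on directories as well
    return $true
}

# 3. Audit: enumerate removable drives (WMI DriveType 2) and classify each
#    autorun.inf as absent, a protected folder, or a suspicious file.
function Get-RemovableAutoRunState {
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $root = $_.DeviceID + '\'
        $path = Join-Path $root 'autorun.inf'
        $state = if (-not (Test-Path -LiteralPath $path)) { 'absent' }
                 elseif (Test-Path -LiteralPath $path -PathType Container) { 'protected folder' }
                 else { 'FILE - suspicious, inspect before use' }
        New-Object PSObject -Property @{ Drive = $root; AutorunInf = $state }
    }
}

# Usage: run the audit first, then protect only the drives reported 'absent'.
Get-RemovableAutoRunState | Format-Table -AutoSize
Get-RemovableAutoRunState | Where-Object { $_.AutorunInf -eq 'absent' } |
    ForEach-Object { Protect-AutoRun -DriveRoot $_.Drive | Out-Null }
Disable-AutoRun
```

The folder trick only blocks the autorun.inf itself; as the post says, the worm's .exe/.scr/.cmd/.pif copies can still land on the drive, so the audit is worth rerunning after the drive has been in an untrusted machine.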