Hello and thank you for responding. Here are my logs. (Malwarebytes found no infections; I posted an older log that found some.)
OTL logfile created on: 9/12/2010 3:45:33 PM - Run 3
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\suprturbocharged\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 19.06 Gb Free Space | 12.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 1.91 Gb Total Space | 1.23 Gb Free Space | 64.53% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUPERCOMPUTER20
Current User Name: suprturbocharged
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
PRC - [2006/12/11 12:20:18 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\U3\00001675C6731C97\LaunchPad.exe
PRC - [2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
MOD - [2006/02/28 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/02/28 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/05/03 11:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®
========== Driver Services (SafeList) ==========
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/06 20:36:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/07 15:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/05/21 09:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/05/03 11:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-77-0-LZPx\n"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA79}:1.0.21
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {301eab2b-b40b-0e35-5666-6c34de73ecf2}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/04 21:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 01:06:36 | 000,000,000 | ---D | M]
[2010/03/06 19:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Extensions
[2010/08/31 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions
[2010/04/05 21:14:09 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2010/05/18 17:30:28 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/05 21:14:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/05/18 16:57:10 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Mozilla\Firefox\Profiles\7gw44dt4.default\searchplugins\bing-ff.xml
[2010/08/31 22:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/05 21:14:24 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{301eab2b-b40b-0e35-5666-6c34de73ecf2}
O1 HOSTS File: ([2010/09/09 14:16:21 | 000,419,161 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14466 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll (ChameleonTom)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/02 15:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 13:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9a7e694b-bbd2-11df-b5f9-0007e97b1044}\Shell - "" = AutoRun
O33 - MountPoints2\{9a7e694b-bbd2-11df-b5f9-0007e97b1044}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a7e694b-bbd2-11df-b5f9-0007e97b1044}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 11:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 90 Days ==========
[2010/09/12 12:46:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\TFC.exe
[2010/09/11 11:11:32 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/11 11:11:32 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/11 11:11:31 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/11 11:11:29 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/11 11:11:27 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/11 11:11:27 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/11 11:11:26 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/11 11:11:12 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/11 11:11:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/11 11:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/11 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/10 14:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Application Data\U3
[2010/09/09 16:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/09 16:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/09 14:00:15 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\suprturbocharged\Desktop\spybotsd162.exe
[2010/09/08 23:08:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 23:08:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 22:37:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
[2010/09/04 21:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/09/04 20:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/01 21:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/01 21:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\{6D11EF0B-9642-4E05-92E0-27F2F1682C9C}
[2010/09/01 21:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6
========== Files - Modified Within 90 Days ==========
[2010/09/12 15:42:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\TFC.exe
[2010/09/12 15:16:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 15:15:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 15:15:23 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\ntuser.dat
[2010/09/12 15:15:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\suprturbocharged\ntuser.ini
[2010/09/12 15:15:00 | 002,799,040 | -H-- | M] () -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\IconCache.db
[2010/09/12 15:14:09 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/12 15:14:09 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/09/12 15:14:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/12 15:12:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/12 00:51:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/11 22:52:32 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1677128483-1801674531-1004UA.job
[2010/09/11 22:41:46 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/11 22:41:41 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/11 22:41:36 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/11 22:41:31 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/11 22:41:16 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/11 22:41:11 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/11 22:37:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/11 22:34:48 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/11 22:34:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/11 22:34:38 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/11 22:34:33 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/11 22:34:23 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/11 22:08:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/11 11:11:33 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast!.lnk
[2010/09/11 11:11:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/09 15:13:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/09 14:16:21 | 000,419,161 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/09 14:01:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/09 14:01:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spybot - Search & Destroy.lnk
[2010/09/08 22:53:13 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 07:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/02 10:45:05 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1677128483-1801674531-1004Core.job
[2010/09/01 21:45:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bmefowu.bin
[2010/08/19 22:45:33 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Google Chrome.lnk
[2010/08/19 22:45:33 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 21:58:15 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 13:23:59 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Network Connections.lnk
[2010/07/08 20:24:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suprturbocharged\Desktop\OTL.exe
[2010/07/08 10:55:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\suprturbocharged\Desktop\spybotsd162.exe
[2010/07/07 09:13:15 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/06/28 15:05:30 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\My Documents\spider.sav
[2010/06/28 14:35:29 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spider Solitaire.lnk
[2010/06/26 11:55:07 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Minesweeper.lnk
[2010/06/25 18:08:00 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\suprturbocharged\Desktop\Solitaire.lnk
========== Files Created - No Company Name ==========
[2010/09/11 11:11:33 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avast!.lnk
[2010/09/09 14:01:17 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/09 14:01:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spybot - Search & Destroy.lnk
[2010/09/08 23:15:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\gmer.exe
[2010/09/08 22:53:12 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/09/02 21:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/02 21:01:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/02 21:01:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/02 21:01:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/01 21:45:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rqisexuyo.dat
[2010/09/01 21:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmefowu.bin
[2010/08/20 11:03:53 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\ntuser.dat
[2010/07/21 13:23:59 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Network Connections.lnk
[2010/07/07 09:13:14 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/07/07 09:13:14 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/06/28 17:48:18 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Spider Solitaire.lnk
[2010/06/28 15:05:30 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\My Documents\spider.sav
[2010/06/27 17:31:34 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Solitaire.lnk
[2010/06/27 17:31:23 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\suprturbocharged\Desktop\Minesweeper.lnk
[2006/02/28 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
========== LOP Check ==========
[2010/09/11 11:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/06 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/05 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/09/08 22:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\DAEMON Tools Lite
[2010/09/04 21:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\DE3AEBADDD04D6F514FF087CDCCB33A6
[2010/04/13 23:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Facebook
[2010/03/10 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\Red Kawa
[2010/03/11 12:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\SlimBrowser
[2010/09/08 22:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\suprturbocharged\Application Data\uTorrent
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/11 22:41:36 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/11 22:34:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/09/11 22:34:33 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/09/11 22:41:41 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/09/11 22:41:16 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/09/11 22:34:48 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/11 22:08:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/09/11 22:41:31 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/09/11 22:41:46 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/09/12 00:51:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/09/11 22:34:23 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/09/11 22:41:11 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/09/11 22:34:38 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/09/11 22:37:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/09/02 21:01:07 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/03/10 11:54:02 | 1462,243,328 | ---- | M] () -- C:\2010-03-10 0958.ISO
[2010/03/10 11:54:02 | 000,004,328 | ---- | M] () -- C:\2010-03-10 0958.MDS
[2009/08/02 15:04:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/12 15:14:09 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2009/08/02 15:04:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/02 15:04:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/02 15:04:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/28 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/12 15:16:30 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2010/09/09 14:08:32 | 000,000,406 | ---- | M] () -- C:\rkill.log
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/08/02 07:48:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/02 07:48:38 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/02 07:48:38 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-24 11:00:21
< End of report >
-----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4577
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
9/9/2010 1:07:26 AM
mbam-log-2010-09-09 (01-07-26).txt
Scan type: Quick scan
Objects scanned: 140245
Time elapsed: 1 hour(s), 49 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 114
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 30
Files Infected: 60
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ee46f55-1ce1-4db9-811a-68938ec7f3dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a87dfd99-cf81-4241-85ce-881e0026b686} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c96b9fae-a032-4100-bb47-32ef05e28be4} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40ca90f3-4098-4877-ae87-23eb612b18c7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c3b62af-ca25-4fba-8405-32e44f83bb6f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a635a91-c303-45c9-8db9-f759d98a3b9d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e335d04-2e6e-4d0e-a921-c3d9192e7121} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b20d7add-989c-4bc0-a797-f6fe7998efd7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bfc20a15-b0ac-44cc-a25a-a7039014ba9f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f019aec4-4c95-46de-a107-e302473e3b9a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2557dd3f-23a0-477c-bcd8-90fd0aecc4b8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2893116c-a176-42b1-8794-da8c9fc45564} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99fdca0c-7380-4e9c-8d99-5dc4750334ef} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1d9f4b1-b9ff-463f-bf15-ab9cb26160f7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71f731b3-008b-4052-9ea4-4145acce40c3} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8292078f-f6e9-412b-8eb1-360c05c5ece5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2447e305-5e90-42a8-bd1e-0bc333b807e1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50d2fdcc-2707-49cb-8223-7fe0424909aa} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{878ce013-7ba9-4650-a78c-b2234c0c1648} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{76d54105-99eb-4ecb-95b2-a944f50cc566} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c62a9e79-2b52-439b-af57-2e60bb06e86c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{15fd8424-d12a-4c51-8c6c-d5d57b80f781} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{67b3becf-7b6f-42b2-99f0-f7656f89cffa} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715ffd42-4e05-4eab-9513-c8daa5395ae2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{759d6f7c-8d30-45b6-abea-fa51c190eed5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a4a64a4-a2fb-48fa-9bba-1ac50267695d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d1063603-f045-475f-afbc-8cba7d5797fb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70880ce6-308c-4204-a89e-b266c3f7b7fa} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdc73256-a88d-4642-844e-a8f20b76789c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-ozqob_g-afp (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a9501e4-40b7-4b91-b91e-a2c608b3d0ac} (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a9501e4-40b7-4b91-b91e-a2c608b3d0ac} (Adware.LoudMo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790373b1765b5a34af92 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-77-0-LZPx) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Hotbar\bin\11.0.120.0\CntntCntr.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\CoreSrv.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HostIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\Srv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\Weather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\-ozQob_g-AFp.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ypgrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\2864cf12.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\5023.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\5025.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\5027.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\502C.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\597337437.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\e19ab4de.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\mkcxhunr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\rnexacwmos.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\SHO43.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\smss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\wtpvaae.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\17fd3b4b.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\6fc7ec27.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Application Data\Hotbar_Icons\dealnews.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\HotbarUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\suprturbocharged\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rEI-d_b---.dll (Adware.LoudMo) -> Quarantined and deleted successfully.
-----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 16:31:57
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\SUPRTU~1\LOCALS~1\Temp\awacraog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEEAF6CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEEAF6BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEEAF7160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEEAF708A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEEAF6782]
SSDT spuy.sys ZwEnumerateKey [0xF7434DA4]
SSDT spuy.sys ZwEnumerateValueKey [0xF7435132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEEAF6C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEEAF66C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEEAF6726]
SSDT spuy.sys ZwQueryKey [0xF743520A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEEAF6DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEAF722E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEEAF6D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEEAF6EE6]
INT 0x62 ? 82FDCBF8
INT 0x63 ? 82E24D28
INT 0x82 ? 82FDCBF8
INT 0x83 ? 82E24D28
INT 0xA4 ? 82E24D28
INT 0xB4 ? 82E24D28
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEB03BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEEB039D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEEB03B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP EEB00FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP EEB039D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581EFE 7 Bytes JMP EEB03BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP EEAFF5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A40FA 7 Bytes JMP EEB03B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spuy.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F720C62C 5 Bytes JMP 82E24308
.text azq66oa6.SYS F6FC7386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azq66oa6.SYS F6FC73AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azq66oa6.SYS F6FC73C4 3 Bytes [00, 80, 02]
.text azq66oa6.SYS F6FC73C9 1 Byte [30]
.text azq66oa6.SYS F6FC73C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0079000C
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 008F000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1628] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\wuauclt.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\wuauclt.exe[1640] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\wuauclt.exe[1640] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003D000C
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 82FDB1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 82D05500
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\PCI_PNP3288 \Device\00000042 spuy.sys
Device \Driver\usbuhci \Device\USBPDO-0 82CE5500
Device \Driver\usbuhci \Device\USBPDO-1 82CE5500
Device \Driver\usbuhci \Device\USBPDO-2 82CE5500
Device \Driver\usbehci \Device\USBPDO-3 82CE43F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82F711F8
Device \Driver\Cdrom \Device\CdRom0 82CB81F8
Device \Driver\USBSTOR \Device\00000059 82B2B1F8
Device \Driver\atapi \Device\Ide\IdePort0 82FDC1F8
Device \Driver\atapi \Device\Ide\IdePort1 82FDC1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 82FDC1F8
Device \Driver\Cdrom \Device\CdRom1 82CB81F8
Device \Driver\Cdrom \Device\CdRom2 82CB81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82B90500
Device \Driver\NetBT \Device\NetbiosSmb 82B90500
Device \Driver\USBSTOR \Device\0000005a 82B2B1F8
Device \Driver\USBSTOR \Device\0000005b 82B2B1F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 82CE5500
Device \Driver\usbuhci \Device\USBFDO-1 82CE5500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82B6A500
Device \Driver\usbuhci \Device\USBFDO-2 82CE5500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82B6A500
Device \Driver\usbehci \Device\USBFDO-3 82CE43F8
Device \Driver\sptd \Device\3647755788 spuy.sys
Device \Driver\Ftdisk \Device\FtControl 82F711F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{57302538-F887-4678-A13B-69CCCA8DCF3D} 82B90500
Device \Driver\azq66oa6 \Device\Scsi\azq66oa61Port2Path0Target0Lun0 82DC5500
Device \Driver\azq66oa6 \Device\Scsi\azq66oa61 82DC5500
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 82D05500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Cdfs \Cdfs 82B42500
---- Processes - GMER 1.0.15 ----
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1072
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3296
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x9B 0x61 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x9D 0x6E 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5D 0x34 0x59 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x9B 0x61 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x9D 0x6E 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5D 0x34 0x59 0x13 ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\NetworkService\Cookies\system@mevio[1].txt 94 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@pubmatic[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@adap[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\default[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\result[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[2].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[3].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[4].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WLYZ8XY3\search[5].htm 0 bytes
---- EOF - GMER 1.0.15 ----