Congradulation You Are a Winner


#1
KingHenrytheIV
New Member, 2 posts

OTL logfile created on: 9/9/2010 9:06:32 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Hank\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 133.39 Gb Free Space | 89.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HANK-PC
Current User Name: Hank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/09 20:50:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Hank\Desktop\OTL.exe
PRC - [2010/09/08 17:16:17 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/31 08:26:20 | 000,079,416 | R--- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 20:50:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Hank\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 13:02:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/09/08 17:38:36 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/20 09:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/01/18 11:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/21 22:05:34 | 002,920,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 C9 5D BE 7B 4F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 17:05:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 08:53:33 | 000,000,000 | ---D | M]

[2010/09/08 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\Hank\AppData\Roaming\Mozilla\Extensions
[2010/09/09 08:16:36 | 000,000,000 | ---D | M] -- C:\Users\Hank\AppData\Roaming\Mozilla\Firefox\Profiles\85lasmbx.default\extensions
[2010/09/08 16:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/09 20:50:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Hank\Desktop\OTL.exe
[2010/09/09 20:27:40 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hank\Desktop\mbam-setup.exe
[2010/09/09 20:26:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/09 20:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/09 20:22:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Hank\Desktop\erunt-setup.exe
[2010/09/09 20:01:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hank\Desktop\TFC.exe
[2010/09/09 19:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Malwarebytes
[2010/09/09 19:10:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/09 19:09:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/09 19:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/09 19:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/08 17:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/09/08 17:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/09/08 17:47:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/08 17:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/08 17:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/08 17:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/09/08 17:44:34 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Microsoft Help
[2010/09/08 17:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/09/08 17:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/09/08 17:44:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/08 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/09/08 17:37:55 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\DAEMON Tools Lite
[2010/09/08 17:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/09/08 17:16:20 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Macromedia
[2010/09/08 17:16:20 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Adobe
[2010/09/08 17:16:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/09/08 17:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/09/08 17:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/09/08 17:14:42 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\uTorrent
[2010/09/08 17:11:50 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\ElevatedDiagnostics
[2010/09/08 17:06:12 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Apple Computer
[2010/09/08 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Apple Computer
[2010/09/08 17:06:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/08 17:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/08 17:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/08 17:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/08 17:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/08 17:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/08 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Apple
[2010/09/08 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/08 17:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/08 17:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/08 17:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/08 17:02:34 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/08 17:02:33 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/08 17:02:32 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/08 17:02:30 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/08 17:02:26 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/08 17:01:38 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/08 17:01:38 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/08 17:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/08 17:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/08 16:50:53 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\hpqLog
[2010/09/08 16:50:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/09/08 16:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/09/08 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\InstallShield
[2010/09/08 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/09/08 16:44:33 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/09/08 16:44:20 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Mozilla
[2010/09/08 16:44:20 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Mozilla
[2010/09/08 16:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/08 15:48:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/08 15:45:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/09/08 15:45:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/08 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\ATI
[2010/09/08 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\ATI
[2010/09/08 13:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/09/08 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/09/08 13:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/09/08 13:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/09/08 13:17:49 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/08 13:17:49 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/09/08 13:12:59 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/08 13:02:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/09/08 12:52:03 | 000,000,000 | R--D | C] -- C:\Users\Hank\Searches
[2010/09/08 12:52:03 | 000,000,000 | -H-D | C] -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/08 12:51:54 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Identities
[2010/09/08 12:51:52 | 000,000,000 | R--D | C] -- C:\Users\Hank\Contacts
[2010/09/08 12:51:39 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\VirtualStore
[2010/09/08 12:51:37 | 000,000,000 | --SD | C] -- C:\Users\Hank\AppData\Roaming\Microsoft
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Videos
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Saved Games
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Pictures
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Music
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Links
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Favorites
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Downloads
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\My Documents
[2010/09/08 12:51:37 | 000,000,000 | R--D | C] -- C:\Users\Hank\Desktop
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\AppData\Local\Temporary Internet Files
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Templates
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Start Menu
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\SendTo
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Recent
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\PrintHood
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\NetHood
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Documents\My Videos
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Documents\My Pictures
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Documents\My Music
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\My Documents
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Local Settings
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\AppData\Local\History
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Cookies
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\Application Data
[2010/09/08 12:51:37 | 000,000,000 | -HSD | C] -- C:\Users\Hank\AppData\Local\Application Data
[2010/09/08 12:51:37 | 000,000,000 | -H-D | C] -- C:\Users\Hank\AppData
[2010/09/08 12:51:37 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Temp
[2010/09/08 12:51:37 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Microsoft
[2010/09/08 12:51:37 | 000,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Media Center Programs
[2010/09/08 12:51:28 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 90 Days ==========

[2010/09/09 21:08:34 | 000,786,432 | -HS- | M] () -- C:\Users\Hank\NTUSER.DAT
[2010/09/09 20:54:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/09 20:50:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Hank\Desktop\OTL.exe
[2010/09/09 20:35:20 | 000,284,915 | ---- | M] () -- C:\Users\Hank\Desktop\gmer.zip
[2010/09/09 20:29:06 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 20:28:02 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hank\Desktop\mbam-setup.exe
[2010/09/09 20:25:06 | 000,000,898 | ---- | M] () -- C:\Users\Hank\Desktop\NTREGOPT.lnk
[2010/09/09 20:25:06 | 000,000,879 | ---- | M] () -- C:\Users\Hank\Desktop\ERUNT.lnk
[2010/09/09 20:22:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Hank\Desktop\erunt-setup.exe
[2010/09/09 20:12:32 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 20:12:32 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 20:09:40 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/09 20:09:40 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/09 20:09:40 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/09 20:05:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 20:05:10 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 20:01:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hank\Desktop\TFC.exe
[2010/09/09 19:20:18 | 000,930,666 | -H-- | M] () -- C:\Users\Hank\AppData\Local\IconCache.db
[2010/09/09 11:47:29 | 000,405,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/08 17:38:36 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/09/08 17:07:59 | 000,000,017 | ---- | M] () -- C:\Users\Hank\AppData\Local\resmon.resmoncfg
[2010/09/08 17:07:39 | 000,057,560 | ---- | M] () -- C:\Users\Hank\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/08 17:07:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/08 16:49:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/09/08 16:44:15 | 000,001,913 | ---- | M] () -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 15:48:28 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/09/08 15:46:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/08 12:58:48 | 000,001,411 | ---- | M] () -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/08 12:55:21 | 000,524,288 | -HS- | M] () -- C:\Users\Hank\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 12:55:21 | 000,524,288 | -HS- | M] () -- C:\Users\Hank\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 12:55:21 | 000,065,536 | -HS- | M] () -- C:\Users\Hank\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/08 12:51:37 | 000,000,020 | -HS- | M] () -- C:\Users\Hank\ntuser.ini
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2010/09/09 20:35:12 | 000,284,915 | ---- | C] () -- C:\Users\Hank\Desktop\gmer.zip
[2010/09/09 20:23:17 | 000,000,898 | ---- | C] () -- C:\Users\Hank\Desktop\NTREGOPT.lnk
[2010/09/09 20:23:17 | 000,000,879 | ---- | C] () -- C:\Users\Hank\Desktop\ERUNT.lnk
[2010/09/09 19:10:02 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 17:38:36 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/09/08 17:07:59 | 000,000,017 | ---- | C] () -- C:\Users\Hank\AppData\Local\resmon.resmoncfg
[2010/09/08 16:53:35 | 000,000,000 | ---- | C] () -- C:\Users\Hank\AppData\Local\QSwitch.txt
[2010/09/08 16:53:35 | 000,000,000 | ---- | C] () -- C:\Users\Hank\AppData\Local\DSwitch.txt
[2010/09/08 16:53:35 | 000,000,000 | ---- | C] () -- C:\Users\Hank\AppData\Local\AtStart.txt
[2010/09/08 16:49:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/09/08 16:44:15 | 000,001,913 | ---- | C] () -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 15:46:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/08 15:45:05 | 1610,063,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/08 12:58:48 | 000,001,411 | ---- | C] () -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/08 12:51:37 | 000,786,432 | -HS- | C] () -- C:\Users\Hank\NTUSER.DAT
[2010/09/08 12:51:37 | 000,524,288 | -HS- | C] () -- C:\Users\Hank\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 12:51:37 | 000,524,288 | -HS- | C] () -- C:\Users\Hank\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 12:51:37 | 000,262,144 | -HS- | C] () -- C:\Users\Hank\ntuser.dat.LOG1
[2010/09/08 12:51:37 | 000,065,536 | -HS- | C] () -- C:\Users\Hank\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/08 12:51:37 | 000,000,290 | ---- | C] () -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/08 12:51:37 | 000,000,272 | ---- | C] () -- C:\Users\Hank\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/08 12:51:37 | 000,000,020 | -HS- | C] () -- C:\Users\Hank\ntuser.ini
[2010/09/08 12:51:37 | 000,000,000 | -HS- | C] () -- C:\Users\Hank\ntuser.dat.LOG2
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/07/21 21:55:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/09/08 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\Hank\AppData\Roaming\DAEMON Tools Lite
[2010/09/08 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Hank\AppData\Roaming\uTorrent
[2009/07/14 00:53:46 | 000,003,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/09 20:05:10 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 20:05:10 | 2146,754,560 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-09 15:23:11

< End of report >

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4585

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/9/2010 7:19:09 PM
mbam-log-2010-09-09 (19-19-09).txt

Scan type: Quick scan
Objects scanned: 130364
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 28
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 17

Memory Processes Infected:
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\clickpotatolite\bin\10.0.529.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Hank\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0 (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.529.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.529.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-09 20:50:02
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Hank\AppData\Local\Temp\kxldipoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3F1A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x88E15BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x88E159D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x88E15B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82857599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8287BF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 829B5291 7 Bytes JMP 88E15B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1CFBF 5 Bytes JMP 88E115D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82A36CF3 5 Bytes JMP 88E13012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82A44D63 7 Bytes JMP 88E159D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AEEEAC 7 Bytes JMP 88E15BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\sprt.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8DF8CCA0 5 Bytes JMP 85BE61D8
.text aao6t38b.SYS 8EDC3000 12 Bytes [44, 98, C2, 82, EE, 96, C2, ...]
.text aao6t38b.SYS 8EDC300D 9 Bytes [77, C2, 82, 48, 9B, C2, 82, ...] {JA 0xffffffffffffffc4; OR BYTE [EAX-0x65], -0x3e; ADD BYTE [EAX], 0x0}
.text aao6t38b.SYS 8EDC3017 170 Bytes [00, DE, D7, 97, 88, E6, D5, ...]
.text aao6t38b.SYS 8EDC30C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text aao6t38b.SYS 8EDC30CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 95619C9D 28 Bytes [DE, 26, 16, 32, 6F, DC, 1D, ...]
.text peauth.sys 95619CC1 28 Bytes [DE, 26, 16, 32, 6F, DC, 1D, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1292] kernel32.dll!SetUnhandledExceptionFilter 76593162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogParamW 775C9BFF 5 Bytes JMP 7161C570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!EnableWindow 775CA72E 5 Bytes JMP 7161C4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!GetAsyncKeyState 775CC09A 5 Bytes JMP 715DD6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 716D835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CallNextHookEx 775CCC8F 5 Bytes JMP 716B9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateWindowExW 775D0E51 5 Bytes JMP 716C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 71674633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!GetKeyState 775D4FDA 5 Bytes JMP 7161D762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!IsDialogMessageW 775D6F06 5 Bytes JMP 715E4284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogParamA 775E3E79 5 Bytes JMP 717F0571 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!IsDialogMessage 775E407A 5 Bytes JMP 717EFE12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogIndirectParamA 775E9110 5 Bytes JMP 717F05A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogIndirectParamW 775F08AD 5 Bytes JMP 717F05DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamW 775F4AA7 5 Bytes JMP 717EF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!EndDialog 775F555C 5 Bytes JMP 715E5AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxParamW 775F564A 5 Bytes JMP 715E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!SetKeyboardState 775F6B52 5 Bytes JMP 717F0177 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!SendInput 775F7055 5 Bytes JMP 717F0D3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!SetCursorPos 7760C1D8 5 Bytes JMP 717F0D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxParamA 7760CF6A 5 Bytes JMP 717EF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamA 7760D29C 5 Bytes JMP 717EF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxIndirectA 7761E8C9 5 Bytes JMP 717EF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxIndirectW 7761E9C3 5 Bytes JMP 717EF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxExA 7761EA29 5 Bytes JMP 717EF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxExW 7761EA4D 5 Bytes JMP 717EF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!keybd_event 7761EC9B 5 Bytes JMP 717F10C7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] SHELL32.dll!SHChangeNotification_Lock + 45BA 7595B440 4 Bytes [11, 36, 34, 62] {ADC [ESI], ESI; XOR AL, 0x62}
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] SHELL32.dll!SHChangeNotification_Lock + 45C2 7595B448 8 Bytes [5F, 35, 34, 62, D0, 73, 33, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ole32.dll!OleLoadFromStream 76D25B88 5 Bytes JMP 717EFCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ole32.dll!CoCreateInstance 76D757FC 5 Bytes JMP 716C8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!CreateWindowExW 775D0E51 5 Bytes JMP 716C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!DialogBoxIndirectParamW 775F4AA7 5 Bytes JMP 717EF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!DialogBoxParamW 775F564A 5 Bytes JMP 715E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!DialogBoxParamA 7760CF6A 5 Bytes JMP 717EF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!DialogBoxIndirectParamA 7760D29C 5 Bytes JMP 717EF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!MessageBoxIndirectA 7761E8C9 5 Bytes JMP 717EF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!MessageBoxIndirectW 7761E9C3 5 Bytes JMP 717EF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!MessageBoxExA 7761EA29 5 Bytes JMP 717EF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3232] USER32.dll!MessageBoxExW 7761EA4D 5 Bytes JMP 717EF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!CreateDialogParamW 775C9BFF 5 Bytes JMP 7161C570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!EnableWindow 775CA72E 5 Bytes JMP 7161C4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!GetAsyncKeyState 775CC09A 5 Bytes JMP 715DD6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 716D835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!CallNextHookEx 775CCC8F 5 Bytes JMP 716B9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!CreateWindowExW 775D0E51 5 Bytes JMP 716C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 71674633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!GetKeyState 775D4FDA 5 Bytes JMP 7161D762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!IsDialogMessageW 775D6F06 5 Bytes JMP 715E4284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!CreateDialogParamA 775E3E79 5 Bytes JMP 717F0571 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!IsDialogMessage 775E407A 5 Bytes JMP 717EFE12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!CreateDialogIndirectParamA 775E9110 5 Bytes JMP 717F05A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!CreateDialogIndirectParamW 775F08AD 5 Bytes JMP 717F05DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxIndirectParamW 775F4AA7 5 Bytes JMP 717EF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!EndDialog 775F555C 5 Bytes JMP 715E5AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxParamW 775F564A 5 Bytes JMP 715E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!SetKeyboardState 775F6B52 5 Bytes JMP 717F0177 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!SendInput 775F7055 5 Bytes JMP 717F0D3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!SetCursorPos 7760C1D8 5 Bytes JMP 717F0D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxParamA 7760CF6A 5 Bytes JMP 717EF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!DialogBoxIndirectParamA 7760D29C 5 Bytes JMP 717EF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxIndirectA 7761E8C9 5 Bytes JMP 717EF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxIndirectW 7761E9C3 5 Bytes JMP 717EF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxExA 7761EA29 5 Bytes JMP 717EF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!MessageBoxExW 7761EA4D 5 Bytes JMP 717EF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] USER32.dll!keybd_event 7761EC9B 5 Bytes JMP 717F10C7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] SHELL32.dll!SHChangeNotification_Lock + 45BA 7595B440 4 Bytes [11, 36, 34, 62] {ADC [ESI], ESI; XOR AL, 0x62}
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] SHELL32.dll!SHChangeNotification_Lock + 45C2 7595B448 8 Bytes [5F, 35, 34, 62, D0, 73, 33, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] ole32.dll!OleLoadFromStream 76D25B88 5 Bytes JMP 717EFCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3256] ole32.dll!CoCreateInstance 76D757FC 5 Bytes JMP 716C8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84A761F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{BE75CF0D-8F03-46F4-B5A1-AD458593B1D7} 85BA31F8
Device \Driver\volmgr \Device\VolMgrControl 84A711F8
Device \Driver\usbuhci \Device\USBPDO-0 85BD6500
Device \Driver\usbuhci \Device\USBPDO-1 85BD6500
Device \Driver\usbehci \Device\USBPDO-2 85C00500
Device \Driver\usbuhci \Device\USBPDO-3 85BD6500
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 85BD6500

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBPDO-5 85BD6500
Device \Driver\PCI_PNP1455 \Device\00000063 sprt.sys
Device \Driver\usbehci \Device\USBPDO-6 85C00500
Device \Driver\volmgr \Device\HarddiskVolume1 84A711F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 84A711F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85986458
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84A731F8
Device \Driver\atapi \Device\Ide\IdePort0 84A731F8
Device \Driver\atapi \Device\Ide\IdePort1 84A731F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84A741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84A731F8
Device \Driver\cdrom \Device\CdRom1 85986458
Device \Driver\sptd \Device\3472001457 sprt.sys
Device \Driver\cdrom \Device\CdRom2 85986458
Device \Driver\NetBT \Device\NetBt_Wins_Export 85BA31F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 85BD6500
Device \Driver\usbuhci \Device\USBFDO-1 85BD6500
Device \Driver\usbehci \Device\USBFDO-2 85C00500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9573F0A7-1271-4576-947F-B1BF4C25E2FA} 85BA31F8
Device \Driver\usbuhci \Device\USBFDO-3 85BD6500
Device \Driver\usbuhci \Device\USBFDO-4 85BD6500
Device \Driver\usbuhci \Device\USBFDO-5 85BD6500
Device \Driver\usbehci \Device\USBFDO-6 85C00500
Device \Driver\aao6t38b \Device\Scsi\aao6t38b1Port2Path0Target1Lun0 85CC51F8
Device \Driver\aao6t38b \Device\Scsi\aao6t38b1 85CC51F8
Device \Driver\aao6t38b \Device\Scsi\aao6t38b1Port2Path0Target0Lun0 85CC51F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x1F 0xFA 0x2F 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xCA 0x14 0x41 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xD8 0x51 0x1C 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x24 0xCB 0x1B 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x6D 0xE5 0x31 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xCA 0x14 0x41 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xD8 0x51 0x1C 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x24 0xCB 0x1B 0xCC ...

---- EOF - GMER 1.0.15 ----

Edited by KingHenrytheIV, 09 September 2010 - 07:36 PM.

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
#3 KingHenrytheIV (New Member, Topic Starter, 2 posts)

ComboFix 10-09-09.04 - Hank 09/11/2010 1:23.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1358 [GMT -4:00]
Running from: c:\users\Hank\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-11 05:30 . 2010-09-11 05:30 -------- d-----w- c:\users\Hank\AppData\Local\temp
2010-09-11 05:30 . 2010-09-11 05:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-11 05:20 . 2010-09-11 05:20 -------- d-----w- C:\32788R22FWJFW
2010-09-11 04:58 . 2010-09-11 04:58 -------- d-----w- c:\program files\Activision
2010-09-11 04:57 . 2010-09-11 04:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-10 08:53 . 2010-09-10 08:53 -------- d-----w- C:\Diskeeper
2010-09-10 02:37 . 2009-12-10 18:48 45616 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2010-09-10 02:37 . 2010-09-10 02:37 -------- d-----w- c:\programdata\Diskeeper Corporation
2010-09-10 02:37 . 2010-09-10 02:37 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2010-09-10 02:37 . 2010-09-10 02:37 -------- d-----w- c:\program files\Windows Home Server
2010-09-10 02:37 . 2010-09-10 02:37 -------- d-----w- c:\program files\Diskeeper Corporation
2010-09-10 02:35 . 2010-09-10 02:35 -------- d-----w- c:\program files\7-Zip
2010-09-10 00:50 . 2010-09-10 00:50 574976 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\otl.exe
2010-09-09 23:10 . 2010-09-09 23:10 -------- d-----w- c:\users\Hank\AppData\Roaming\Malwarebytes
2010-09-09 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 23:09 . 2010-09-10 00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-09 23:09 . 2010-09-09 23:09 -------- d-----w- c:\programdata\Malwarebytes
2010-09-09 23:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 15:22 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-09 15:21 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-09 15:21 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-09 15:21 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-09 15:21 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-09 15:21 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-09 12:30 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-09-09 12:30 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-09 12:30 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-09 12:30 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-09-09 12:29 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-09-09 12:29 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-09-09 12:29 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-09-09 12:29 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-09-09 12:29 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-09-09 12:24 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-09 12:19 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-09-09 12:19 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-09-09 12:19 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-09-08 21:47 . 2010-09-08 21:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-08 21:47 . 2010-09-10 02:58 -------- d-----w- c:\program files\Microsoft.NET
2010-09-08 21:47 . 2010-09-08 21:47 -------- d-----w- c:\windows\PCHEALTH
2010-09-08 21:47 . 2010-09-08 21:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-08 21:45 . 2010-09-08 21:45 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-09-08 21:44 . 2010-09-08 21:44 -------- d-----w- c:\users\Hank\AppData\Local\Microsoft Help
2010-09-08 21:44 . 2010-09-10 03:04 -------- d-----w- c:\programdata\Microsoft Help
2010-09-08 21:44 . 2010-09-08 21:44 -------- d-----r- C:\MSOCache
2010-09-08 21:38 . 2010-09-08 21:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-08 21:38 . 2010-09-08 21:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-09-08 21:37 . 2010-09-08 21:44 -------- d-----w- c:\users\Hank\AppData\Roaming\DAEMON Tools Lite
2010-09-08 21:37 . 2010-09-08 21:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-09-08 21:16 . 2010-09-08 21:16 -------- d-----w- c:\windows\system32\Macromed
2010-09-08 21:15 . 2010-09-08 21:15 -------- d-----w- c:\program files\uTorrent
2010-09-08 21:14 . 2010-09-11 04:53 -------- d-----w- c:\users\Hank\AppData\Roaming\uTorrent
2010-09-08 21:14 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-09-08 21:14 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-08 21:11 . 2010-09-08 21:11 -------- d-----w- c:\users\Hank\AppData\Local\ElevatedDiagnostics
2010-09-08 21:07 . 2010-09-10 04:40 108432 ----a-w- c:\users\Hank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-08 21:06 . 2010-09-08 21:06 -------- d-----w- c:\users\Hank\AppData\Local\Apple Computer
2010-09-08 21:06 . 2010-09-08 21:06 -------- d-----w- c:\users\Hank\AppData\Roaming\Apple Computer
2010-09-08 21:06 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-08 21:06 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-08 21:06 . 2010-09-10 02:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-08 21:05 . 2010-09-08 21:05 -------- d-----w- c:\program files\iPod
2010-09-08 21:05 . 2010-09-08 21:05 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-08 21:05 . 2010-09-08 21:05 -------- d-----w- c:\program files\iTunes
2010-09-08 21:04 . 2010-09-08 21:05 -------- d-----w- c:\programdata\Apple Computer
2010-09-08 21:04 . 2010-09-08 21:05 -------- d-----w- c:\program files\QuickTime
2010-09-08 21:04 . 2010-09-08 21:04 -------- d-----w- c:\users\Hank\AppData\Local\Apple
2010-09-08 21:04 . 2010-09-08 21:04 -------- d-----w- c:\program files\Apple Software Update
2010-09-08 21:04 . 2010-09-08 21:04 -------- d-----w- c:\program files\Bonjour
2010-09-08 21:04 . 2010-09-08 21:05 -------- d-----w- c:\program files\Common Files\Apple
2010-09-08 21:04 . 2010-09-08 21:04 -------- d-----w- c:\programdata\Apple
2010-09-08 21:02 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-08 21:02 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-08 21:02 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-08 21:02 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-08 21:02 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-08 21:01 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-08 21:01 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-08 21:01 . 2010-09-08 21:01 -------- d-----w- c:\programdata\Alwil Software
2010-09-08 21:01 . 2010-09-08 21:01 -------- d-----w- c:\program files\Alwil Software
2010-09-08 20:50 . 2010-09-08 20:50 -------- d-----w- c:\users\Hank\AppData\Roaming\hpqLog
2010-09-08 20:50 . 2009-04-20 13:38 9344 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2010-09-08 20:50 . 2007-06-18 21:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2010-09-08 20:50 . 2006-11-02 11:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2010-09-08 20:50 . 2010-09-11 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 20:50 . 2010-09-08 20:50 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-08 20:50 . 2008-09-08 18:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2010-09-08 20:50 . 2008-09-08 18:31 1885488 ----a-w- c:\windows\system32\BttnCmn.dll
2010-09-08 20:49 . 2010-09-08 20:49 -------- d-----w- c:\users\Hank\AppData\Roaming\InstallShield
2010-09-08 20:49 . 2010-09-08 20:49 -------- d-----w- c:\program files\Synaptics
2010-09-08 20:44 . 2010-09-08 16:51 -------- d-----w- c:\windows\Panther
2010-09-08 20:44 . 2010-09-08 20:44 -------- d-----w- c:\users\Hank\AppData\Local\Mozilla
2010-09-08 17:29 . 2010-09-08 17:29 -------- d-----w- c:\users\Hank\AppData\Roaming\ATI
2010-09-08 17:29 . 2010-09-08 17:29 -------- d-----w- c:\users\Hank\AppData\Local\ATI
2010-09-08 17:29 . 2010-09-08 17:29 -------- d-----w- c:\programdata\ATI
2010-09-08 17:26 . 2010-09-08 17:27 -------- d-----w- c:\program files\ATI Technologies
2010-09-08 17:26 . 2010-09-08 17:26 -------- d-----w- c:\program files\ATI
2010-09-08 17:17 . 2010-09-08 17:17 10134 ----a-r- c:\users\Hank\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-09-08 17:17 . 2010-09-08 17:17 -------- d-----w- c:\program files\HP
2010-09-08 17:17 . 2010-09-11 05:02 -------- d-sh--w- c:\windows\Installer
2010-09-08 17:17 . 2010-09-08 17:17 -------- d-----w- c:\windows\Downloaded Installations
2010-09-08 17:14 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 17:12 . 2010-09-08 17:12 -------- d-----w- C:\Intel
2010-09-08 17:02 . 2010-09-08 17:02 -------- d-----w- c:\windows\system32\Wat
2010-09-08 17:00 . 2010-09-11 05:27 -------- d-----w- c:\windows\system32\wbem\Performance
2010-09-01 13:12 . 2010-09-01 13:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 15:45 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-09-08 20:49 . 2010-09-08 20:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-09-08 19:46 . 2010-09-08 19:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 22:44 . 2010-07-27 22:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-06-30 06:25 . 2010-09-09 12:24 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-09-09 12:25 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-09-09 12:25 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-09-09 12:25 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-09-09 12:24 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-09-09 12:24 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-09-09 12:25 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-09-09 12:24 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-09-09 12:24 224256 ----a-w- c:\windows\system32\schannel.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-08 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-08 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-12-10 45616]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Hank\AppData\Roaming\Mozilla\Firefox\Profiles\85lasmbx.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-11 01:34:18
ComboFix-quarantined-files.txt 2010-09-11 05:34

Pre-Run: 135,075,352,576 bytes free
Post-Run: 134,912,118,784 bytes free

- - End Of File - - BC38A95C8814F68A36723745F08FEEE5
#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
