trojan svc host fake several malware and adware


This topic is locked

#1 Pat_54 (Member, 212 posts)
I threw together a cheap computer so that my son could have something to use. Money is tight, so I used what I had. It is small but would do what little he would use it for. I just never knew how dumb he was about computers. I had installed the free version of avast antivirus, malwarebytes and super antispyware, which I use on my computer; they do quite well and have served me well. The problem was after my son started using the computer, which only took two days. The computer really was a mess. He opened all kinds of emails and downloaded lots of junk from the internet. He called me and told me what was happening with the computer and I knew he had some kind of virus. I didn't know how bad it was until I plugged it in. I found keylogger isnake pro, trojan injectorbz, email worm zhelatin, backdoor poison bqa, spyware banker id, my web search, trojan svc host fake, and this is just to name a few. I deleted all the junk I found and I ran super antispyware several times, malwarebytes and avast. All are now showing all is clean, but the computer is very slow on shutdown and startup, and after running for a while it will just hang up. I have tried everything I can think of and I'm at a loss now. I know my way around a computer pretty well, but this thing has me stumped. I'm at wit's end, please help me. I will be sending along a copy of OTL if I can get this thing to cooperate. Thanks, Pat
Oh, also need to say that when I open IE the computer goes nuts, starts running like crazy and tries directing me to all kinds of web sites.
OTL logfile created on: 11/10/2010 11:33:27 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Patty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

384.00 Mb Total Physical Memory | 142.00 Mb Available Physical Memory | 37.00% Memory free
924.00 Mb Paging File | 602.00 Mb Available in Paging File | 65.00% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.73 Gb Total Space | 7.71 Gb Free Space | 48.98% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 5.94 Gb Free Space | 98.95% Space Free | Partition Type: NTFS

Computer Name: GATEWAY | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
PRC - [2010/11/08 18:35:55 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2010/11/08 18:35:55 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/08 18:35:55 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/08 18:35:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/18 12:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/28 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 12:28:16 | 000,794,654 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR1801.SYS -- (USR1801)
DRV - [2001/08/17 11:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found


O1 HOSTS File: ([2001/08/23 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/30 18:49:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 01:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/10 01:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/09 18:45:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2010/11/08 19:19:43 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/08 19:19:42 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/08 19:19:39 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/08 19:19:37 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/08 19:19:34 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/08 19:19:34 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/08 19:19:33 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/08 19:04:31 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/08 19:04:27 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/08 02:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Malwarebytes
[2010/11/08 02:36:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 02:36:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 02:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/08 02:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/07 22:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/07 22:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\SUPERAntiSpyware.com
[2010/11/07 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/07 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/06 13:02:23 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/06 13:02:23 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/06 13:01:17 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/06 13:01:17 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/11/06 13:01:15 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/11/06 13:01:03 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/06 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/06 12:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/06 12:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/06 03:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/05 23:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\PackageAware
[2010/11/04 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\cache
[2010/11/04 11:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\FullTiltPoker
[2010/11/04 11:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/11/03 22:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/11/03 14:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/03 10:44:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/03 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/03 09:03:10 | 000,000,000 | ---D | C] -- C:\396e74ebe575747634f9
[2010/11/03 02:31:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/03 02:31:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/03 02:27:05 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/02 21:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/11/02 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\MSN6
[2010/11/02 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/11/02 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/02 19:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Temp
[2010/11/02 19:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/02 19:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Google
[2010/11/02 19:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/02 19:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/02 18:10:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/02 18:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/02 18:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/02 17:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/02 16:42:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IECompatCache
[2010/11/02 16:42:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\PrivacIE
[2010/11/02 01:26:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IETldCache
[2010/11/02 01:10:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/02 01:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/11/02 01:07:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/02 01:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/11/01 23:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/11/01 23:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/11/01 22:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/01 22:42:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/11/01 22:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/01 22:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/01 22:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/01 14:26:21 | 000,000,000 | ---D | C] -- C:\My Drivers
[2010/11/01 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/01 13:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\My Drivers
[2010/11/01 13:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Innovative Solutions
[2010/11/01 13:04:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/29 00:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Identities
[2010/10/28 21:09:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 23:32:44 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\computer.rtf
[2010/11/10 22:51:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/10 11:00:12 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 10:59:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 10:59:25 | 402,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 00:36:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/09 20:04:45 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2010/11/08 19:19:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/08 19:19:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/08 02:36:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:21:31 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/07 22:17:53 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 22:17:53 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 13:42:58 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/11/04 11:25:52 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/11/04 11:13:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/03 15:43:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/03 14:35:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/03 10:21:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/03 02:35:06 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/03 02:22:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/03 02:22:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/03 02:21:57 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/03 02:15:48 | 000,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/02 22:56:01 | 000,263,469 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/11/02 22:33:55 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/02 17:58:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/01 23:58:57 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/10 23:32:44 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\computer.rtf
[2010/11/09 15:24:04 | 402,235,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 19:19:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/08 02:36:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:21:31 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/06 13:42:58 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/11/04 11:25:52 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/11/03 03:50:09 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/03 03:50:09 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/03 03:50:08 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/03 03:50:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/03 03:50:04 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/03 03:50:03 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/11/03 03:50:03 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/11/03 03:50:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/03 03:50:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/03 03:50:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/03 03:50:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/03 03:50:00 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/03 03:50:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/03 03:49:59 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/03 03:49:59 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/03 03:49:59 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/03 03:49:58 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/11/03 03:49:40 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/03 03:49:39 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/03 03:49:38 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/03 03:49:38 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/03 03:49:37 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/03 03:49:37 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/03 03:49:37 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/03 03:49:37 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/03 03:49:37 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/03 03:49:37 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/03 03:49:36 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/03 03:49:06 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/03 03:49:06 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/03 03:49:06 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/03 03:48:26 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/03 03:48:26 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/03 03:48:26 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/03 03:48:26 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/03 03:48:25 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/03 03:48:25 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/03 03:48:17 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/03 03:48:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/03 03:48:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/03 03:48:17 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/03 03:47:12 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/03 03:47:07 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/03 03:46:48 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/03 03:46:44 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/11/03 03:46:31 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/03 03:46:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/03 03:46:31 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/03 03:46:31 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/03 03:46:31 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/03 03:46:30 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/03 03:46:30 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/03 03:46:30 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/03 03:46:30 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/03 03:46:30 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/03 03:46:30 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/03 03:46:30 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/03 03:46:30 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/03 03:46:30 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/03 03:46:30 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/03 03:46:30 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/03 03:46:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/03 03:46:03 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/03 03:46:03 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/03 03:44:58 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/03 03:44:58 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/03 03:44:58 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/03 03:44:42 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/03 03:42:43 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/03 03:42:11 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/03 03:42:11 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/03 03:42:11 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/03 03:42:11 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/03 03:42:06 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/11/03 03:42:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/03 03:42:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/03 03:42:05 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/03 03:42:04 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/03 03:42:04 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/03 03:41:51 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/03 03:16:33 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/11/03 02:31:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/03 02:29:46 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/03 02:29:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/03 02:29:15 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/03 02:29:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/03 02:28:50 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/03 02:28:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/03 02:27:14 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/03 02:01:05 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/03 02:01:05 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/03 02:01:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/03 02:01:05 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/03 02:01:04 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/03 02:01:04 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/03 02:01:04 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/01 23:58:58 | 000,013,668 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/11/01 23:27:58 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/11/01 09:57:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/30 00:31:35 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/01/30 19:17:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/30 18:45:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/11/02 19:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/08 00:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by Pat_54, 10 November 2010 - 11:31 PM.

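The OTL report above is several hundred lines of which only a handful matter: registrations whose file is gone, drivers that load at boot, files dropped into system32\drivers shortly before the scan, and the alternate data stream at the end. The script below is an added example for this thread, not part of OTL and not posted by anyone in it; it parses OTL's line format and applies those rules to a set of sample lines constructed here (vendor names and file names such as "Example Vendor" and exboot.sys are made up, the rest mirror lines from the log), so it runs offline.

```python
"""Triage an OTL log: pull the lines a responder reads first out of a long report.

Added example for this thread; it is not part of OTL or of the forum posts. The
sample lines below are constructed in OTL's own line format and the rules encode
what a helper looks for by eye: registrations whose file is gone, boot-start
drivers from non-Microsoft vendors, drivers created shortly before the scan,
and alternate data streams.
"""
import re
from datetime import datetime, timedelta

# One OTL entry:  [date | size | attrs | C/M] (Company) [state] -- path -- (name) description
# Service/driver lines are prefixed "SRV - " or "DRV - "; a missing file shows
# "File not found" in place of the bracketed timestamp block.
ENTRY = re.compile(
    r"^(?:(?P<kind>SRV|DRV|PRC|MOD) - )?"
    r"(?:\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\]|(?P<missing>File not found))"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)
ADS = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
OTL_TIME = "%Y/%m/%d %H:%M:%S"

SAMPLE_LOG_LINES = [  # constructed sample input, in OTL's format
    "========== Win32 Services (SafeList) ==========",
    r"SRV - File not found [Disabled | Stopped] -- C:\Program Files\Example Security\exsvc.exe -- (exsvc)",
    r"SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)",
    "========== Driver Services (SafeList) ==========",
    r"DRV - [2010/08/18 12:51:26 | 000,237,632 | ---- | M] (Example Vendor) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\exboot.sys -- (exboot)",
    r"DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)",
    "========== Files/Folders - Created Within 30 Days ==========",
    r"[2010/11/10 04:12:00 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\abcd1234.sys",
    r"[2010/11/08 02:36:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys",
    r"[2010/11/11 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Desktop\tdsskiller",
    "========== Alternate Data Streams ==========",
    r"@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2",
]


def parse_entry(line):
    """Return a dict for one OTL entry line, or None for headers and other text."""
    m = ENTRY.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["company"] = (e["company"] or "").strip()
    e["created"] = datetime.strptime(e["date"], OTL_TIME) if e["date"] else None
    e["size"] = int(e["size"].replace(",", "")) if e["size"] else None
    e["is_dir"] = bool(e["attrs"] and "D" in e["attrs"])
    return e


def triage(lines, scan_time, recent_days=7):
    """Return (rule, path, reason) tuples; scan_time is the OTL header time, e.g. '2010/11/11 16:58:09'."""
    asof = datetime.strptime(scan_time, OTL_TIME)
    findings = []
    for line in lines:
        ads = ADS.match(line)
        if ads:
            findings.append(("ads", ads["path"], f"{ads['bytes']} bytes in an alternate data stream"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if e["missing"]:
            findings.append(("orphan", e["path"], f"{e['kind']} {e['name']} is registered but its file is missing"))
            continue
        if e["kind"] == "DRV" and "Boot" in (e["state"] or "") and e["company"] != "Microsoft Corporation":
            findings.append(("boot_driver", e["path"], f"boot-start kernel driver from '{e['company']}'"))
        if e["stamp"] == "C" and not e["is_dir"] and "\\system32\\drivers\\" in e["path"].lower():
            age = asof - e["created"]
            if age <= timedelta(days=recent_days):
                reason = f"driver file created {age.days} day(s) before the scan"
                if not e["company"]:
                    reason += ", no company name in the file"
                findings.append(("new_driver", e["path"], reason))
    return findings


if __name__ == "__main__":
    for rule, path, reason in triage(SAMPLE_LOG_LINES, "2010/11/11 16:58:09"):
        print(f"{rule:<12} {reason}\n             {path}")
```

Feed it the whole OTL.txt (`triage(open("OTL.txt", errors="replace").read().splitlines(), scan_time)`) with the time from the report header. The "new_driver" rule deliberately fires on legitimate products too (Malwarebytes in the sample); the point is to shortlist what changed right before the symptoms, not to decide on its own what is malicious.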



#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Kids - doncha just love 'em :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

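TDSSKiller is sent in here because the TDSS family it is named for lives below the file system, in the master boot record, which is why the "Cure" action is deferred to a reboot. The script below is an added example, not TDSSKiller's code and not from the thread: it parses a 512-byte MBR, hashes the bootstrap code against a baseline, and reports oddities in the partition table. The sector images, the partition layout (loosely modelled on the C: and D: volumes in the OTL log) and the baseline hash are all constructed in the script; `SLACK_SECTORS` is an assumption about how much unpartitioned tail is normal.

```python
"""Sanity-check a 512-byte master boot record before trusting it to boot.

Added example for this thread; it is not TDSSKiller's code and not from the
forum posts. The sector images, the partition layout and the baseline hash are
all constructed here: on a real machine the baseline would come from a sector
image taken before the infection or from a known-clean install of the same
Windows version, and the sector would be read from the raw disk.
"""
import hashlib
import struct

BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code
DISK_SIGNATURE_OFF = 440       # bytes 440..443: per-disk signature written by Windows
PARTITION_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
SLACK_SECTORS = 2048           # assumption: up to 1 MiB of unpartitioned tail is alignment slack


def parse_mbr(sector):
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return parts


def boot_code_hash(sector):
    """SHA-256 of the bootstrap code only, so one baseline works across disks."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, baseline_hash, disk_sectors):
    """Return a list of findings; an empty list means the sector looks as expected."""
    findings = []
    parts = parse_mbr(sector)
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from the baseline")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    # Space after the last partition is where some MBR bootkits keep their own
    # storage; anything beyond normal alignment slack is worth imaging.
    last_end = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    tail = disk_sectors - last_end
    if tail > SLACK_SECTORS:
        findings.append(f"{tail} unpartitioned sectors after the last partition")
    return findings


def build_mbr(boot_code, partitions, disk_signature=b"\x12\x34\x56\x78"):
    """Assemble a sector image (used here only to construct the sample data)."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIGNATURE_OFF:DISK_SIGNATURE_OFF + 4] = disk_signature
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i, status, ptype, lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed data: a stand-in for real boot code, and a layout of two NTFS
# (type 0x07) partitions with the first one active, like C: and D: in the log.
CLEAN_CODE = bytes(range(256)) + bytes(range(184))          # 440 bytes
PARTITIONS = [(0x80, 0x07, 63, 32_980_000), (0x00, 0x07, 32_980_063, 12_580_000)]
DISK_SECTORS = 32_980_063 + 12_580_000                      # disk ends where D: ends

CLEAN_MBR = build_mbr(CLEAN_CODE, PARTITIONS)
BASELINE = boot_code_hash(CLEAN_MBR)
# A bootkit replaces or patches the bootstrap code but keeps the partition table
# so the disk still boots; simulate that by overwriting the first bytes.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + CLEAN_CODE[2:], PARTITIONS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, parse_mbr(mbr))
        print("   ", check_mbr(mbr, BASELINE, DISK_SECTORS) or "no findings")
```

To run it against a real disk, read the first 512 bytes of `\\.\PhysicalDrive0` (as Administrator) on Windows or of `/dev/sda` on Linux and pass them to `check_mbr`. One caveat that matters for exactly this kind of infection: a kernel-mode rootkit that hooks the disk driver stack can hand a clean copy of the sector back to any program reading it from the infected OS, so a read that passes from inside the running system proves little; read the disk from a boot CD or another OS, which is also why TDSSKiller finishes its cure during a reboot.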

#3 Pat_54 (Topic Starter, Member, 212 posts)
Hi, this computer was really giving me fits; when opening IE, it wants to take me everything. I finally was able to run everything, and here are the logs.

2010/11/11 16:45:15.0810 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/11 16:45:15.0810 ================================================================================
2010/11/11 16:45:15.0810 SystemInfo:
2010/11/11 16:45:15.0810
2010/11/11 16:45:15.0810 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/11 16:45:15.0810 Product type: Workstation
2010/11/11 16:45:15.0810 ComputerName: GATEWAY
2010/11/11 16:45:15.0810 UserName: Patty
2010/11/11 16:45:15.0810 Windows directory: C:\WINDOWS
2010/11/11 16:45:15.0810 System windows directory: C:\WINDOWS
2010/11/11 16:45:15.0810 Processor architecture: Intel x86
2010/11/11 16:45:15.0810 Number of processors: 1
2010/11/11 16:45:15.0810 Page size: 0x1000
2010/11/11 16:45:15.0810 Boot type: Normal boot
2010/11/11 16:45:15.0810 ================================================================================
2010/11/11 16:45:16.0631 Initialize success
2010/11/11 16:45:23.0791 ================================================================================
2010/11/11 16:45:23.0791 Scan started
2010/11/11 16:45:23.0791 Mode: Manual;
2010/11/11 16:45:23.0791 ================================================================================
2010/11/11 16:45:24.0752 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/11 16:45:25.0533 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/11 16:45:25.0834 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/11 16:45:26.0405 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/11 16:45:26.0715 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/11 16:45:27.0006 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/11 16:45:29.0139 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/11 16:45:29.0429 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/11 16:45:29.0750 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/11 16:45:30.0130 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/11 16:45:30.0421 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/11 16:45:30.0761 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/11 16:45:31.0071 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/11 16:45:31.0582 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/11 16:45:31.0903 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/11 16:45:32.0243 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/11 16:45:32.0564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/11 16:45:33.0064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/11 16:45:33.0345 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/11 16:45:33.0645 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/11 16:45:35.0368 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/11 16:45:35.0778 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/11 16:45:36.0239 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/11/11 16:45:36.0479 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/11 16:45:36.0760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/11 16:45:37.0160 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/11/11 16:45:37.0461 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/11/11 16:45:37.0711 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2010/11/11 16:45:38.0041 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/11/11 16:45:38.0552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/11 16:45:38.0863 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2010/11/11 16:45:39.0243 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/11 16:45:39.0554 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/11 16:45:39.0864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/11 16:45:40.0225 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/11 16:45:40.0505 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/11 16:45:40.0856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/11 16:45:41.0286 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/11 16:45:41.0557 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/11 16:45:41.0807 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/11 16:45:42.0227 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/11 16:45:42.0768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/11 16:45:43.0569 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/11 16:45:43.0830 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/11 16:45:44.0451 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/11 16:45:44.0741 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/11 16:45:45.0011 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/11 16:45:45.0262 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/11 16:45:45.0542 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/11 16:45:45.0893 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/11 16:45:46.0203 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/11 16:45:46.0494 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/11 16:45:46.0804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/11 16:45:47.0165 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/11 16:45:47.0445 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/11 16:45:48.0076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/11 16:45:48.0336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/11 16:45:48.0567 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/11 16:45:48.0827 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/11 16:45:49.0167 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/11 16:45:49.0698 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/11 16:45:50.0059 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/11 16:45:50.0569 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/11 16:45:50.0850 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/11 16:45:51.0090 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/11 16:45:51.0401 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/11 16:45:51.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/11 16:45:51.0951 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/11 16:45:52.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/11 16:45:52.0582 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/11 16:45:52.0853 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/11 16:45:53.0153 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/11 16:45:53.0474 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/11 16:45:53.0744 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/11 16:45:54.0034 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/11 16:45:54.0485 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/11/11 16:45:54.0745 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/11 16:45:55.0166 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/11 16:45:55.0537 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/11 16:45:56.0218 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/11 16:45:56.0798 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/11 16:45:57.0089 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/11 16:45:57.0379 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/11/11 16:45:57.0680 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/11/11 16:45:57.0980 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/11/11 16:45:58.0291 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/11/11 16:45:58.0601 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/11 16:45:58.0861 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/11 16:45:59.0162 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/11 16:45:59.0462 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/11 16:46:00.0303 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/11 16:46:00.0664 PCTCore (8f93fb300deac55c553c2255f1d0342d) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/11/11 16:46:02.0727 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/11 16:46:03.0027 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/11 16:46:03.0298 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/11 16:46:04.0760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/11 16:46:05.0060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/11 16:46:05.0371 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/11 16:46:05.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/11 16:46:05.0992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/11 16:46:06.0282 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/11 16:46:06.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/11 16:46:06.0943 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/11 16:46:07.0263 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/11 16:46:07.0684 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/11 16:46:07.0854 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/11 16:46:08.0005 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/11/11 16:46:08.0195 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/11/11 16:46:08.0575 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/11 16:46:08.0916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/11 16:46:09.0246 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/11 16:46:09.0537 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/11 16:46:10.0318 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/11 16:46:10.0638 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/11 16:46:11.0019 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/11 16:46:11.0450 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/11 16:46:11.0740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/11 16:46:12.0942 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/11 16:46:13.0362 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/11 16:46:13.0703 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/11/11 16:46:13.0963 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/11 16:46:14.0284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/11 16:46:14.0554 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/11 16:46:15.0245 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/11/11 16:46:15.0515 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/11 16:46:16.0116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/11 16:46:16.0597 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/11 16:46:16.0877 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/11 16:46:17.0198 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/11 16:46:17.0588 USR1801 (a80feb3e2b5bd47d12080439771fdab1) C:\WINDOWS\system32\DRIVERS\USR1801.SYS
2010/11/11 16:46:18.0019 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/11 16:46:18.0520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/11 16:46:18.0920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/11 16:46:19.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/11 16:46:19.0972 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/11 16:46:19.0992 ================================================================================
2010/11/11 16:46:19.0992 Scan finished
2010/11/11 16:46:19.0992 ================================================================================
2010/11/11 16:46:20.0072 Detected object count: 1
2010/11/11 16:47:07.0130 \HardDisk1 - will be cured after reboot
2010/11/11 16:47:07.0130 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/11/11 16:47:16.0072 Deinitialize success

OTL logfile created on: 11/11/2010 4:58:09 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Patty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

384.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 38.00% Memory free
924.00 Mb Paging File | 645.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.73 Gb Total Space | 7.88 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 5.94 Gb Free Space | 98.95% Space Free | Partition Type: NTFS

Computer Name: GATEWAY | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
PRC - [2010/11/08 18:35:55 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2010/11/08 18:35:55 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/08 18:35:55 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/08 18:35:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/18 12:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/28 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 12:28:16 | 000,794,654 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR1801.SYS -- (USR1801)
DRV - [2001/08/17 11:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/11 16:20:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/30 18:49:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Desktop\tdsskiller
[2010/11/11 16:20:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/10 01:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/10 01:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/09 18:45:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2010/11/08 19:19:43 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/08 19:19:42 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/08 19:19:39 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/08 19:19:37 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/08 19:19:34 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/08 19:19:34 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/08 19:19:33 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/08 19:04:31 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/08 19:04:27 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/08 02:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Malwarebytes
[2010/11/08 02:36:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 02:36:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 02:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/08 02:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/07 22:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/07 22:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\SUPERAntiSpyware.com
[2010/11/07 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/07 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/06 13:02:23 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/06 13:02:23 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/06 13:01:17 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/06 13:01:17 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/11/06 13:01:15 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/11/06 13:01:03 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/06 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/06 12:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/06 12:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/06 03:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/05 23:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\PackageAware
[2010/11/04 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\cache
[2010/11/04 11:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\FullTiltPoker
[2010/11/04 11:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/11/03 22:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/11/03 14:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/03 10:44:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/03 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/03 09:03:10 | 000,000,000 | ---D | C] -- C:\396e74ebe575747634f9
[2010/11/03 02:31:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/03 02:31:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/03 02:27:05 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/02 21:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/11/02 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\MSN6
[2010/11/02 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/11/02 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/02 19:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Temp
[2010/11/02 19:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/02 19:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Google
[2010/11/02 19:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/02 19:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/02 18:10:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/02 18:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/02 18:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/02 17:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/02 16:42:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IECompatCache
[2010/11/02 16:42:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\PrivacIE
[2010/11/02 01:26:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IETldCache
[2010/11/02 01:10:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/02 01:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/11/02 01:07:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/02 01:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/11/01 23:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/11/01 23:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/11/01 22:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/01 22:42:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/11/01 22:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/01 22:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/01 22:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/01 14:26:21 | 000,000,000 | ---D | C] -- C:\My Drivers
[2010/11/01 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/01 13:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\My Drivers
[2010/11/01 13:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Innovative Solutions
[2010/11/01 13:04:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/29 00:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Identities
[2010/10/28 21:09:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

========== Files - Modified Within 30 Days ==========

[2010/11/11 16:49:39 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 16:48:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 16:48:49 | 402,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 16:43:16 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2010/11/11 16:20:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/11 10:36:03 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/10 23:45:06 | 000,035,609 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\computer 2.rtf
[2010/11/10 23:44:18 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/10 23:32:44 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\computer.rtf
[2010/11/10 00:36:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/09 20:04:45 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2010/11/08 19:19:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/08 19:19:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/08 02:36:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:21:31 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/07 22:17:53 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 22:17:53 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 13:42:58 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/11/04 11:25:52 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/11/04 11:13:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/03 15:43:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/03 14:35:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/03 10:21:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/03 02:35:06 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/03 02:22:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/03 02:22:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/03 02:21:57 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/03 02:15:48 | 000,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/02 22:56:01 | 000,263,469 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/11/02 22:33:55 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/02 17:58:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/01 23:58:57 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

========== Files Created - No Company Name ==========

[2010/11/11 16:43:03 | 001,215,581 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2010/11/10 23:45:06 | 000,035,609 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\computer 2.rtf
[2010/11/10 23:44:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/10 23:32:44 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\computer.rtf
[2010/11/09 15:24:04 | 402,235,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 19:19:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/08 02:36:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:21:31 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/06 13:42:58 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/11/04 11:25:52 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/11/03 03:50:09 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/03 03:50:09 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/03 03:50:08 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/03 03:50:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/03 03:50:04 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/03 03:50:03 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/11/03 03:50:03 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/11/03 03:50:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/03 03:50:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/03 03:50:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/03 03:50:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/03 03:50:00 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/03 03:50:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/03 03:49:59 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/03 03:49:59 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/03 03:49:59 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/03 03:49:58 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/11/03 03:49:40 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/03 03:49:39 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/03 03:49:38 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/03 03:49:38 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/03 03:49:37 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/03 03:49:37 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/03 03:49:37 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/03 03:49:37 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/03 03:49:37 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/03 03:49:37 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/03 03:49:36 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/03 03:49:06 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/03 03:49:06 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/03 03:49:06 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/03 03:48:26 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/03 03:48:26 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/03 03:48:26 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/03 03:48:26 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/03 03:48:25 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/03 03:48:25 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/03 03:48:17 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/03 03:48:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/03 03:48:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/03 03:48:17 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/03 03:47:12 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/03 03:47:07 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/03 03:46:48 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/03 03:46:44 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/11/03 03:46:31 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/03 03:46:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/03 03:46:31 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/03 03:46:31 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/03 03:46:31 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/03 03:46:30 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/03 03:46:30 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/03 03:46:30 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/03 03:46:30 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/03 03:46:30 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/03 03:46:30 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/03 03:46:30 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/03 03:46:30 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/03 03:46:30 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/03 03:46:30 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/03 03:46:30 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/03 03:46:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/03 03:46:03 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/03 03:46:03 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/03 03:44:58 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/03 03:44:58 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/03 03:44:58 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/03 03:44:42 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/03 03:42:43 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/03 03:42:11 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/03 03:42:11 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/03 03:42:11 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/03 03:42:11 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/03 03:42:06 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/11/03 03:42:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/03 03:42:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/03 03:42:05 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/03 03:42:04 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/03 03:42:04 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/03 03:41:51 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/03 03:16:33 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/11/03 02:31:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/03 02:29:46 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/03 02:29:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/03 02:29:15 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/03 02:29:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/03 02:28:50 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/03 02:28:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/03 02:27:14 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/03 02:01:05 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/03 02:01:05 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/03 02:01:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/03 02:01:05 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/03 02:01:04 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/03 02:01:04 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/03 02:01:04 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/01 23:58:58 | 000,013,668 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/11/01 23:27:58 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/11/01 09:57:00 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/30 00:31:35 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/01/30 19:17:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/30 18:45:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/11/02 19:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/08 00:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#4
Pat_54
  • Topic Starter
  • Member
  • 212 posts
2010/11/11 16:45:15.0810 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/11 16:45:15.0810 ================================================================================
2010/11/11 16:45:15.0810 SystemInfo:
2010/11/11 16:45:15.0810
2010/11/11 16:45:15.0810 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/11 16:45:15.0810 Product type: Workstation
2010/11/11 16:45:15.0810 ComputerName: GATEWAY
2010/11/11 16:45:15.0810 UserName: Patty
2010/11/11 16:45:15.0810 Windows directory: C:\WINDOWS
2010/11/11 16:45:15.0810 System windows directory: C:\WINDOWS
2010/11/11 16:45:15.0810 Processor architecture: Intel x86
2010/11/11 16:45:15.0810 Number of processors: 1
2010/11/11 16:45:15.0810 Page size: 0x1000
2010/11/11 16:45:15.0810 Boot type: Normal boot
2010/11/11 16:45:15.0810 ================================================================================
2010/11/11 16:45:16.0631 Initialize success
2010/11/11 16:45:23.0791 ================================================================================
2010/11/11 16:45:23.0791 Scan started
2010/11/11 16:45:23.0791 Mode: Manual;
2010/11/11 16:45:23.0791 ================================================================================
2010/11/11 16:45:24.0752 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/11 16:45:25.0533 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/11 16:45:25.0834 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/11 16:45:26.0405 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/11 16:45:26.0715 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/11 16:45:27.0006 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/11 16:45:29.0139 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/11 16:45:29.0429 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/11 16:45:29.0750 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/11 16:45:30.0130 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/11 16:45:30.0421 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/11 16:45:30.0761 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/11 16:45:31.0071 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/11 16:45:31.0582 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/11 16:45:31.0903 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/11 16:45:32.0243 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/11 16:45:32.0564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/11 16:45:33.0064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/11 16:45:33.0345 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/11 16:45:33.0645 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/11 16:45:35.0368 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/11 16:45:35.0778 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/11 16:45:36.0239 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/11/11 16:45:36.0479 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/11 16:45:36.0760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/11 16:45:37.0160 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/11/11 16:45:37.0461 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/11/11 16:45:37.0711 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2010/11/11 16:45:38.0041 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/11/11 16:45:38.0552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/11 16:45:38.0863 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2010/11/11 16:45:39.0243 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/11 16:45:39.0554 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/11 16:45:39.0864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/11 16:45:40.0225 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/11 16:45:40.0505 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/11 16:45:40.0856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/11 16:45:41.0286 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/11 16:45:41.0557 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/11 16:45:41.0807 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/11 16:45:42.0227 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/11 16:45:42.0768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/11 16:45:43.0569 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/11 16:45:43.0830 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/11 16:45:44.0451 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/11 16:45:44.0741 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/11 16:45:45.0011 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/11 16:45:45.0262 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/11 16:45:45.0542 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/11 16:45:45.0893 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/11 16:45:46.0203 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/11 16:45:46.0494 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/11 16:45:46.0804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/11 16:45:47.0165 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/11 16:45:47.0445 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/11 16:45:48.0076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/11 16:45:48.0336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/11 16:45:48.0567 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/11 16:45:48.0827 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/11 16:45:49.0167 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/11 16:45:49.0698 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/11 16:45:50.0059 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/11 16:45:50.0569 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/11 16:45:50.0850 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/11 16:45:51.0090 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/11 16:45:51.0401 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/11 16:45:51.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/11 16:45:51.0951 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/11 16:45:52.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/11 16:45:52.0582 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/11 16:45:52.0853 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/11 16:45:53.0153 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/11 16:45:53.0474 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/11 16:45:53.0744 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/11 16:45:54.0034 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/11 16:45:54.0485 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/11/11 16:45:54.0745 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/11 16:45:55.0166 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/11 16:45:55.0537 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/11 16:45:56.0218 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/11 16:45:56.0798 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/11 16:45:57.0089 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/11 16:45:57.0379 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/11/11 16:45:57.0680 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/11/11 16:45:57.0980 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/11/11 16:45:58.0291 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/11/11 16:45:58.0601 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/11 16:45:58.0861 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/11 16:45:59.0162 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/11 16:45:59.0462 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/11 16:46:00.0303 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/11 16:46:00.0664 PCTCore (8f93fb300deac55c553c2255f1d0342d) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/11/11 16:46:02.0727 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/11 16:46:03.0027 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/11 16:46:03.0298 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/11 16:46:04.0760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/11 16:46:05.0060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/11 16:46:05.0371 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/11 16:46:05.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/11 16:46:19.0972 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/11 16:46:19.0992 ================================================================================
2010/11/11 16:46:19.0992 Scan finished
2010/11/11 16:46:19.0992 ================================================================================
2010/11/11 16:46:20.0072 Detected object count: 1
2010/11/11 16:47:07.0130 \HardDisk1 - will be cured after reboot
2010/11/11 16:47:07.0130 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/11/11 16:47:16.0072 Deinitialize success

OTL logfile created on: 11/11/2010 4:58:09 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Patty\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

384.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 38.00% Memory free
924.00 Mb Paging File | 645.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.73 Gb Total Space | 7.88 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 5.94 Gb Free Space | 98.95% Space Free | Partition Type: NTFS

Computer Name: GATEWAY | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
PRC - [2010/11/08 18:35:55 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2010/11/08 18:35:55 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/08 18:35:55 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/11/08 18:35:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/18 12:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/28 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 12:28:16 | 000,794,654 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR1801.SYS -- (USR1801)
DRV - [2001/08/17 11:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/11 16:20:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/30 18:49:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Desktop\tdsskiller
[2010/11/11 16:20:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/10 01:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/10 01:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/09 18:45:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2010/11/08 19:19:43 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/08 19:19:42 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/08 19:19:39 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/08 19:19:37 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/08 19:19:34 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/08 19:19:34 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/08 19:19:33 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/08 19:04:31 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/08 19:04:27 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/08 02:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\Malwarebytes
[2010/11/08 02:36:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 02:36:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 02:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/08 02:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/07 22:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/07 22:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\SUPERAntiSpyware.com
[2010/11/07 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/07 22:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/06 13:02:23 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/06 13:02:23 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/06 13:01:17 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/11/06 13:01:17 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/11/06 13:01:15 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/11/06 13:01:03 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/06 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/06 12:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/06 12:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/06 03:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/05 23:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\PackageAware
[2010/11/04 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\cache
[2010/11/04 11:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\FullTiltPoker
[2010/11/04 11:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/11/03 22:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/11/03 14:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/03 10:44:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/03 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/03 09:03:10 | 000,000,000 | ---D | C] -- C:\396e74ebe575747634f9
[2010/11/03 02:31:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/03 02:31:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/03 02:27:05 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/02 21:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/11/02 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Application Data\MSN6
[2010/11/02 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/11/02 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/02 19:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Temp
[2010/11/02 19:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/02 19:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Google
[2010/11/02 19:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/02 19:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/02 18:10:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/02 18:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/02 18:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/02 17:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/02 16:42:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IECompatCache
[2010/11/02 16:42:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\PrivacIE
[2010/11/02 01:26:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patty\IETldCache
[2010/11/02 01:10:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/02 01:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/11/02 01:07:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/02 01:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/11/01 23:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/11/01 23:05:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/11/01 22:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/01 22:42:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/11/01 22:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/01 22:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/01 22:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/01 14:26:21 | 000,000,000 | ---D | C] -- C:\My Drivers
[2010/11/01 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/01 13:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\My Documents\My Drivers
[2010/11/01 13:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Innovative Solutions
[2010/11/01 13:04:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/29 00:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patty\Local Settings\Application Data\Identities
[2010/10/28 21:09:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

========== Files - Modified Within 30 Days ==========

[2010/11/11 16:49:39 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 16:48:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 16:48:49 | 402,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 16:43:16 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2010/11/11 16:20:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/11 10:36:03 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/10 23:45:06 | 000,035,609 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\computer 2.rtf
[2010/11/10 23:44:18 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/10 23:32:44 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Patty\My Documents\computer.rtf
[2010/11/10 00:36:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/09 20:04:45 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/09 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patty\Desktop\OTL.exe
[2010/11/08 19:19:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/08 19:19:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/08 02:36:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:21:31 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/07 22:17:53 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 22:17:53 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 13:42:58 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/11/04 11:25:52 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/11/04 11:13:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/03 15:43:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/03 14:35:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/03 10:21:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/03 02:35:06 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/03 02:22:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/03 02:22:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/03 02:21:57 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/03 02:15:48 | 000,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/02 22:56:01 | 000,263,469 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/11/02 22:33:55 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/02 17:58:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/01 23:58:57 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

========== Files Created - No Company Name ==========

[2010/11/11 16:43:03 | 001,215,581 | ---- | C] () -- C:\Documents and Settings\Patty\Desktop\tdsskiller.zip
[2010/11/10 23:45:06 | 000,035,609 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\computer 2.rtf
[2010/11/10 23:44:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/10 23:32:44 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Patty\My Documents\computer.rtf
[2010/11/09 15:24:04 | 402,235,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 19:19:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/08 02:36:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 22:21:31 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/06 13:42:58 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/11/04 11:25:52 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/11/03 03:50:09 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/03 03:50:09 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/03 03:50:08 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/03 03:50:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/03 03:50:04 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/03 03:50:03 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/11/03 03:50:03 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/11/03 03:50:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/03 03:50:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/03 03:50:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/03 03:50:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/03 03:50:00 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/03 03:50:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/03 03:49:59 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/03 03:49:59 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/03 03:49:59 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/03 03:49:58 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/11/03 03:49:40 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/03 03:49:39 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/03 03:49:38 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/03 03:49:38 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/03 03:49:37 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/03 03:49:37 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/03 03:49:37 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/03 03:49:37 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/03 03:49:37 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/03 03:49:37 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/03 03:49:36 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/03 03:49:06 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/03 03:49:06 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/03 03:49:06 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/03 03:48:26 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/03 03:48:26 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/03 03:48:26 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/03 03:48:26 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/03 03:48:25 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/03 03:48:25 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/03 03:48:17 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/03 03:48:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/03 03:48:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/03 03:48:17 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/03 03:47:12 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/03 03:47:07 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/03 03:46:48 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/03 03:46:44 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/11/03 03:46:31 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/03 03:46:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/03 03:46:31 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/03 03:46:31 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/03 03:46:31 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/03 03:46:30 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/03 03:46:30 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/03 03:46:30 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/03 03:46:30 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/03 03:46:30 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/03 03:46:30 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/03 03:46:30 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/03 03:46:30 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/03 03:46:30 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/03 03:46:30 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/03 03:46:30 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/03 03:46:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/03 03:46:03 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/03 03:46:03 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/03 03:44:58 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/03 03:44:58 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/03 03:44:58 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/03 03:44:42 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/03 03:42:43 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/03 03:42:11 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/03 03:42:11 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/03 03:42:11 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/03 03:42:11 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/03 03:42:06 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/11/03 03:42:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/03 03:42:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/03 03:42:05 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/03 03:42:04 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/03 03:42:04 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/03 03:41:51 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/03 03:16:33 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/11/03 02:31:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/03 02:29:46 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/03 02:29:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/03 02:29:15 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/03 02:29:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/03 02:28:50 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/03 02:28:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/03 02:27:14 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/03 02:01:05 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/03 02:01:05 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/03 02:01:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/03 02:01:05 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/03 02:01:04 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/03 02:01:04 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/03 02:01:04 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/01 23:58:58 | 000,013,668 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/11/01 23:27:58 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/11/01 09:57:00 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/30 00:31:35 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/01/30 19:17:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/30 18:45:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/11/02 19:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/08 00:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, main one dead, let's get the rest.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#6 Pat_54 (Topic Starter, Member, 212 posts)
Here's the copy from ComboFix.

ComboFix 10-11-11.01 - Patty 11/11/2010 22:13:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.384.227 [GMT -5:00]
Running from: c:\documents and settings\Patty\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS


((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-11 21:20 . 2010-11-11 21:20 -------- d-----w- C:\_OTL
2010-11-10 07:48 . 2010-11-10 07:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-10 05:23 . 2010-11-10 05:23 -------- d--h--w- c:\documents and settings\NetworkService\Default User
2010-11-09 08:46 . 2010-11-09 08:48 -------- d-----w- c:\documents and settings\Administrator
2010-11-09 00:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-09 00:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-09 00:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-09 00:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-09 00:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-09 00:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-09 00:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-09 00:04 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-09 00:04 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-08 07:36 . 2010-11-08 07:36 -------- d-----w- c:\documents and settings\Patty\Application Data\Malwarebytes
2010-11-08 07:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 07:36 . 2010-11-08 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-08 07:36 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 07:36 . 2010-11-08 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 03:21 . 2010-11-08 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-08 03:21 . 2010-11-09 08:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-08 03:21 . 2010-11-08 03:21 -------- d-----w- c:\documents and settings\Patty\Application Data\SUPERAntiSpyware.com
2010-11-08 03:20 . 2010-11-08 03:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-06 18:02 . 2010-09-30 12:58 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-06 18:02 . 2010-08-18 17:51 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-06 18:01 . 2010-09-03 16:28 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-06 18:01 . 2010-08-10 21:58 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-11-06 18:01 . 2010-10-05 15:11 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-06 18:01 . 2010-08-27 13:26 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-06 17:59 . 2010-11-06 18:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-06 17:59 . 2010-11-08 05:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-06 17:43 . 2010-11-06 17:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-06 08:58 . 2010-11-06 18:23 -------- d-----w- c:\windows\system32\NtmsData
2010-11-06 04:06 . 2010-11-06 04:06 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\PackageAware
2010-11-05 00:33 . 2010-11-05 00:33 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\cache
2010-11-04 16:26 . 2010-11-05 01:37 -------- d-----w- c:\documents and settings\Patty\Local Settings\Application Data\FullTiltPoker
2010-11-04 16:24 . 2010-11-07 03:47 -------- d-----w- c:\program files\Full Tilt Poker
2010-11-04 03:30 . 2010-11-04 04:13 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-03 20:29 . 2010-09-18 16:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll
2010-11-03 20:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-03 20:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-03 20:28 . 2010-08-27 05:57 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2010-11-03 20:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-03 20:28 . 2010-07-16 12:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-11-03 20:28 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2010-11-03 20:28 . 2010-06-18 17:45 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll
2010-11-03 20:28 . 2010-04-16 15:36 406016 -c----w- c:\windows\system32\dllcache\usp10.dll
2010-11-03 20:25 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-11-03 20:25 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-11-03 20:25 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-11-03 20:23 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-11-03 20:23 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-11-03 20:23 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-11-03 20:23 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-11-03 20:23 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-11-03 15:14 . 2010-11-03 15:14 -------- d-----w- c:\program files\MSXML 6.0
2010-11-03 15:08 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-03 15:08 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-03 15:08 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-03 15:08 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-03 15:08 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-03 15:08 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-03 15:08 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-03 14:03 . 2010-11-03 14:03 -------- d-----w- C:\396e74ebe575747634f9
2010-11-03 09:02 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-03 09:01 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-11-03 09:01 . 2009-06-25 08:25 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2010-11-03 09:01 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2010-11-03 09:01 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2010-11-03 09:01 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2010-11-03 09:01 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-03 09:01 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-03 09:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-03 09:00 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-11-03 09:00 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-11-03 09:00 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2010-11-03 09:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-03 09:00 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
2010-11-03 09:00 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-11-03 09:00 . 2009-12-08 09:23 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-11-03 08:59 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2010-11-03 08:59 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-11-03 08:59 . 2010-06-30 12:31 149504 -c----w- c:\windows\system32\dllcache\schannel.dll
2010-11-03 08:45 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-11-03 08:45 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-11-03 08:43 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 08:42 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-11-03 08:41 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-03 08:41 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-03 08:25 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-03 08:25 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-03 08:25 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-03 08:25 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-03 08:25 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-03 08:24 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-03 08:24 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-03 08:24 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-03 08:24 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-03 08:24 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-03 08:24 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-03 08:24 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-03 08:24 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-03 08:24 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2010-11-03 08:23 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2010-11-03 08:23 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2010-11-03 08:23 . 2008-06-12 14:23 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2010-11-03 08:23 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2010-11-03 08:23 . 2008-06-12 14:23 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2010-11-03 08:23 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-11-03 08:22 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2010-11-03 08:22 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-11-03 08:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-03 08:22 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-11-03 08:21 . 2010-08-31 13:42 1852800 -c----w- c:\windows\system32\dllcache\win32k.sys
2010-11-03 08:20 . 2010-07-27 06:30 8462336 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-11-03 08:19 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-11-03 08:19 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-11-03 08:19 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2010-11-03 08:19 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-11-03 08:19 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2010-11-03 08:19 . 2010-02-11 12:02 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
2010-11-03 08:19 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-11-03 08:19 . 2008-06-20 17:46 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2010-11-03 08:19 . 2008-06-20 17:46 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2010-11-03 08:19 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-11-03 08:18 . 2010-06-09 07:43 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-08 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-11-08 23:35 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/6/2010 1:02 PM 237632]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 7:19 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/8/2010 7:19 PM 17744]
R3 USR1801;U.S. Robotics Faxmodem Driver 1801;c:\windows\system32\drivers\USR1801.SYS [1/30/2005 6:47 PM 794654]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe --> c:\program files\PC Tools Security\pctsAuxs.exe [?]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISTray - c:\program files\PC Tools Security\pctsGui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 22:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-11 22:33:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 03:33

Pre-Run: 8,400,068,608 bytes free
Post-Run: 8,320,036,864 bytes free

- - End Of File - - 200720608D240A6108547F0FD3F05CBD
#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, looks like we did not need ComboFix. How is your computer running now?
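The verdict in the post above rests on reading the ComboFix log the way a helper does: every Run entry and loaded driver points at a known security product or a stock Windows binary, the one service ComboFix could not find a file for (sdAuxService, printed with "-->" and "[?]") is a leftover PC Tools registration rather than malware, and catchme reports zero hidden files. The script below is an added example written for this thread, not ComboFix, OTL or anything the helper ran; it parses those lines in the layout ComboFix prints and flags what the eye checks for, including the "svchost fake" pattern from the thread title (a Windows system binary name running from the wrong directory). The sample log is constructed: the benign lines mirror the posted log, and the "updater" Run entry is invented so that one flagged autostart appears. The system-binary table and user-writable prefixes are assumptions for Windows XP paths.

```python
"""Triage the autostart and service lines of a ComboFix log.

Added example for this thread, not ComboFix's own logic. Flags:
  - a Windows system binary name (svchost.exe etc.) started from outside
    the directory Windows keeps it in,
  - autostarts living in user-writable locations,
  - services whose binary ComboFix could not find ('path --> path [?]'),
  - a non-zero 'hidden files' count from the catchme rootkit scan.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout. The "updater" Run entry is
# invented; the other lines mirror the benign ones in the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-08 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"updater"="c:\documents and settings\Patty\Local Settings\Temp\svchost.exe" [2010-11-02 61440]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/6/2010 1:02 PM 237632]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 7:19 PM 165584]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe --> c:\program files\PC Tools Security\pctsAuxs.exe [?]

hidden files: 0
"""

# "name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$', re.M)
# R0 name;display;path [date size]   or   S4 name;display;path --> path [?]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$', re.M)
HIDDEN_RE = re.compile(r'^hidden files:\s*(\d+)$', re.M)

# Directories Windows XP runs these binaries from (assumed for the example);
# a copy anywhere else is the classic fake-system-process trick.
SYSTEM_BINARIES = {
    "svchost.exe": ("c:\\windows\\system32\\",),
    "lsass.exe": ("c:\\windows\\system32\\",),
    "csrss.exe": ("c:\\windows\\system32\\",),
    "winlogon.exe": ("c:\\windows\\system32\\",),
    "explorer.exe": ("c:\\windows\\",),
}
# Locations a limited user can write to; an autostart here deserves a look.
USER_WRITABLE = ("c:\\documents and settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str
    detail: str


def check_autostart(name: str, path: str) -> list[Finding]:
    """Classify one autostart entry; an empty list means nothing stood out."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not p.startswith(SYSTEM_BINARIES[base]):
        return [Finding("fake-system-binary", f"{name}: {path}")]
    if any(marker in p for marker in USER_WRITABLE):
        return [Finding("autostart-from-user-writable", f"{name}: {path}")]
    return []


def triage(log: str) -> list[Finding]:
    """Run every check over a ComboFix log; findings come back in log order."""
    findings = []
    for m in RUN_RE.finditer(log):
        findings.extend(check_autostart(m["name"], m["path"]))
    for m in SVC_RE.finditer(log):
        # '[?]' means ComboFix could not find the service binary: either a
        # stale registration (sdAuxService above) or a removed dropper
        # whose service entry still tries to load at boot.
        if m["meta"] == "?":
            findings.append(Finding("service-binary-missing", f"{m['name']}: {m['path']}"))
    hidden = HIDDEN_RE.search(log)
    if hidden and int(hidden.group(1)) > 0:
        findings.append(Finding("rootkit-hidden-files", hidden.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:30} {f.detail}")
```

Run against the real log, this reports only the missing sdAuxService binary, which matches the helper's reading that ComboFix had nothing left to remove. The service check is deliberately not a "bad" verdict on its own: a dangling service entry is a cleanup item, and what decides between leftover and malware is the path it points at.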

#8 Pat_54 (Topic Starter, Member, 212 posts)
Hi again
Things seem to be okay. No more redirecting me to other sites when opening IE, and the computer runs faster, although I still have a little problem; maybe I can explain. I have never had this happen in all the time I've had computers. After restarting the computer, when the Windows XP progress bar is going I hear a click which sounds like the monitor shutting off, the screen flashes quickly but then shows the same Windows XP screen with the progress bar, then I hear a click again and the screen flashes again and goes blank for just a second, then the welcome screen appears and all seems okay. I have changed to three different monitors but they all act the same. I did a clean install of Windows XP a while back but it didn't change anything. Can you tell me what might be happening? Also, I would like to know if there are any free programs that would locate your drivers and/or update drivers and fix the registry. Also, can I do a backup of this system on CD, and would it do any good with the amount of adware, malware and trojans that were on here? Wouldn't I still have to clean the system of all infections before installing the backup?
#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That does sound like a video driver problem - what is the make and model of the video card ?

Also I would like to know if there are any free programs that would locate your drivers and/or update drivers and fix registry.

None that I am aware of, although I work on the basis of "if it ain't broke, don't fix it". As for registry cleaners, I would not recommend any, as they can do more harm than good.

Also can I do a backup of this system on cd and would it do any good with the amount of adware malware and trojans that were on here.

There is a free imaging and backup programme available here and now would be the ideal time to image it - an image totally overwrites all data - so if your system was infected it would overwrite it all ;)



Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel > Add/Remove Programs, along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disc check
[attachment=45985:Boot defrag.jpg]

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
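The cleanup script in the post above includes [resethosts], and the symptom reported earlier in the thread (IE being redirected to other sites) is exactly what planted hosts-file entries produce: vendor and update names pinned to 127.0.0.1 so the security tools cannot update, and popular names pointed at an attacker-controlled address. Resetting the file is the right fix, but it is worth reading it first, because the names that were tampered with tell you what the infection was protecting itself from. The audit below is an added example written for this thread; it is not what OTL's [resethosts] does internally (OTL simply rewrites the file), the sample hosts file is constructed, and the list of protected vendor names is an assumption for illustration, not something from the posts. It goes a little beyond the two cases in the thread by also separating ad-block style entries and unparseable addresses.

```python
"""Audit a Windows hosts file for hijack entries before resetting it.

Added example for this thread, not OTL's own logic. Each non-stock entry is
classified as one of:
  redirect  - name points at a non-loopback address (attacker host)
  blackhole - protected vendor/update name pinned to loopback
  blocked   - any other loopback pin (ad-block lists look like this)
  malformed - address does not parse, which is itself worth a look
"""
import ipaddress

# Constructed sample: the stock localhost line plus three planted entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.avast.com          # blackholed: AV updates fail
127.0.0.1       update.microsoft.com   # blackholed: Windows Update fails
203.0.113.7     www.google.com         # redirected to an attacker host
"""

# The only name a stock Windows XP hosts file resolves.
STOCK_NAMES = {"localhost"}

# Update and vendor domains that redirect-type malware commonly blackholes.
# Assumed list for the example, not exhaustive.
PROTECTED = ("microsoft.com", "windowsupdate.com", "avast.com",
             "malwarebytes.org", "superantispyware.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def _under(name, domain):
    """True when name is domain itself or a subdomain of it (not 'notavast.com')."""
    return name == domain or name.endswith("." + domain)


def hijack_entries(text):
    """Return (kind, ip, hostname) for every entry that is not stock."""
    found = []
    for ip, name in parse_hosts(text):
        if name in STOCK_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            found.append(("malformed", ip, name))
            continue
        if not addr.is_loopback:
            found.append(("redirect", ip, name))
        elif any(_under(name, d) for d in PROTECTED):
            found.append(("blackhole", ip, name))
        else:
            found.append(("blocked", ip, name))
    return found


if __name__ == "__main__":
    import sys

    # Pass the real file to audit it, e.g. C:\WINDOWS\system32\drivers\etc\hosts;
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for kind, ip, name in hijack_entries(text):
        print(f"{kind:10} {ip:16} {name}")
```

Anything in the "redirect" bucket deserves a second look after the reset too: if the same names still fail to resolve correctly, the redirect is happening somewhere other than the hosts file (a DNS setting, a proxy, or a network driver such as the PC Tools DNS filter listed in the ComboFix log), and that is where to look next.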

#10 Pat_54 (Topic Starter, Member, 212 posts)
Hi again
I did everything you told me to and the computer is running pretty good. I tried downloading an updated driver for the video card but no luck; it made things worse and I had to reinstall the old driver. The computer is old but has an STB 16 MB AGP. Went to the manufacturer and I haven't had any luck. Don't know where else to look. I really need to tell you thank you so very much for all your help. You people really know your stuff when it comes to computers. It's nice to know that there is still free help and it's good help.
#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I did find a driver archive here that may help :D
#12 Pat_54 (Topic Starter, Member, 212 posts)
Hi

I know it's been a couple of days, but I had lots of things come up. I just wanted to say thank you so very much; I followed everything you said to do and the computer is working like a charm. Had a little trouble with the driver for the video card but got what I needed, and no more glitch with the screen. Thanks again, you guys do one heck of a job in here. Take care and hope your holidays are special. Pat :D
#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
No problem - glad you are happy :D
#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.