Error when starting Windows: RunDLL CTMHDM.DLL



#1
WigglesGRN

  • Member
  • 13 posts
After a clean of an infected PC (I had to re-install Windows in the recovery state, as when cleaning it lost a few files), when starting the PCs we have here we get a pop-up with a RunDLL error saying it can't run C:\windows\system32\ctmhmd.dll

Also, Avast gives URL-blocked pop-ups for 199.80.55.19 as "Malicious URL Blocked". Also, we cannot access Windows Update from the PC (running Windows XP Home SP3), and when trying to post to the forums we got an error saying "request timed out" (I'm posting from a clean laptop).

Thanks for reading and help in advance.

WigglesGRN


OTL Logs:


OTL logfile created on: 29/04/2011 15:26:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Gilli\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 2.90 Gb Free Space | 7.79% Space Free | Partition Type: NTFS

Computer Name: PAIRENTSPC | User Name: Gilli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 15:26:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilli\My Documents\Downloads\OTL.exe
PRC - [2011/04/20 16:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010/05/11 11:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/04/08 10:34:06 | 001,662,976 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/23 11:13:10 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 15:26:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilli\My Documents\Downloads\OTL.exe
MOD - [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/12 02:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 02:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/04 16:08:08 | 000,713,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/19 17:00:56 | 000,011,648 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpnucmp.sys -- (HPNUCMP)
DRV - [2006/12/19 17:00:50 | 000,011,136 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2006/12/19 17:00:44 | 000,037,248 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2006/01/19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/10/03 13:18:08 | 000,189,908 | ---- | M] (Zoran Microelectronics Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CoachWdm.sys -- (CoachWdm)
DRV - [2005/02/24 07:20:22 | 002,311,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/05 04:29:30 | 000,121,728 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/25 10:03:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 10:57:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/09 15:47:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 21:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/09 15:47:29 | 000,000,000 | ---D | M]

[2011/04/28 21:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gilli\Application Data\Mozilla\Extensions
[2011/04/28 21:57:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/02/16 21:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{C0695248-403D-F9F5-D7F3-EAE9822F2566}] File not found
O4 - HKCU..\Run: [{EA078DD4-9E1E-380F-5DB8-938D97002912}] File not found
O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [NtWqIVLZEWZU] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Ulafogaxeyuvasax] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Local intranet)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1128332850703 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1148978116000 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...er1/xp_mail.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Gilli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gilli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/30 10:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{483e6160-d218-11df-9b0e-002275408818}\Shell - "" = AutoRun
O33 - MountPoints2\{483e6160-d218-11df-9b0e-002275408818}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{483e6160-d218-11df-9b0e-002275408818}\Shell\AutoRun\command - "" = F:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 22:23:28 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gilli\Desktop\TDSSKiller.exe
[2011/04/28 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Desktop\hosts
[2011/04/28 22:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/04/28 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/04/28 22:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\My Documents\Downloads
[2011/04/28 21:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Local Settings\Application Data\Mozilla
[2011/04/28 21:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Mozilla
[2011/04/28 21:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/28 21:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/28 21:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/28 21:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/28 21:47:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/28 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/04/28 20:53:36 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/04/28 20:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/28 20:26:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/28 20:22:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/28 20:22:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/28 20:22:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/28 20:22:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/28 20:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/28 20:21:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 19:21:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/28 19:17:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gilli\Recent
[2011/04/28 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/28 19:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/28 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/28 17:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/28 17:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 21:44:49 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/27 21:44:49 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/27 21:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/04/27 21:44:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/27 21:44:46 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/27 21:44:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/27 21:44:45 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/27 21:44:45 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/27 21:44:44 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/27 21:44:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/27 21:44:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/27 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/27 21:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/27 21:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\SUPERAntiSpyware.com
[2011/04/27 20:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/04/27 20:28:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/04/27 17:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 17:19:32 | 000,000,000 | ---D | C] -- C:\fe7425e4a7ef88f65276324cdaaabd
[2011/04/27 17:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/27 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Osonov
[2011/04/27 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Asbiiw
[2011/04/27 16:23:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/04/27 16:23:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/04/27 16:21:27 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/04/27 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Oxyc
[2011/04/27 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Efwya
[2011/04/27 15:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/27 15:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/27 15:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/27 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/27 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Local Settings\Application Data\{38D68470-C99F-456A-B49C-FB15EF747F88}
[2011/04/06 11:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2011/04/06 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 15:36:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2CD3050-988F-4A9B-B8A5-396F3AB4127C}.job
[2011/04/29 15:33:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/04/29 15:21:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A01C03DB-872A-4DA0-A521-43DC3FA62DC0}.job
[2011/04/29 15:19:07 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 15:17:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 22:18:54 | 000,151,515 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\hosts.zip
[2011/04/28 22:03:25 | 205,674,200 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\100_235_PS_AIO_02_Full_NonNet_enu_NB.exe
[2011/04/28 22:02:20 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard LiveUpdate.lnk
[2011/04/28 22:02:20 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/04/28 22:02:20 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard.lnk
[2011/04/28 21:58:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 21:57:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 21:56:16 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareBlaster.lnk
[2011/04/28 21:39:53 | 000,045,093 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\HP Installation Error - XP.hta
[2011/04/28 21:26:15 | 000,164,678 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2011/04/28 21:11:09 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2011/04/28 21:10:22 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/04/28 20:57:23 | 000,116,918 | ---- | M] () -- C:\MGlogs.zip
[2011/04/28 20:26:38 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011/04/28 19:15:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/28 17:04:24 | 000,469,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/28 17:04:24 | 000,080,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 17:00:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/28 16:41:30 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011/04/28 16:32:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/27 21:44:49 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/27 21:44:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/27 21:02:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/27 20:53:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/27 20:51:33 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/27 17:51:20 | 002,418,162 | ---- | M] () -- C:\MGtools.exe
[2011/04/27 17:28:55 | 000,015,404 | -HS- | M] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
[2011/04/27 17:28:55 | 000,015,404 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
[2011/04/27 17:19:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 17:09:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Efevuqejak.dat
[2011/04/27 16:25:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/27 16:19:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/27 16:19:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/27 16:19:43 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/27 16:17:36 | 000,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/27 15:05:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Oseyafidac.bin
[2011/04/27 15:03:25 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\ssmyst9.dll
[2011/04/27 15:03:25 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\pifmgr9.dll
[2011/04/27 15:03:24 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\dskquouin.dll
[2011/04/27 14:32:07 | 000,163,633 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/04/26 10:15:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/19 15:59:54 | 000,516,042 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\Baby Farenden Jackson 30weeks + 5 Days Scan.JPG
[2011/04/19 15:58:00 | 000,614,424 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\3D Baby Face.JPG
[2011/04/19 15:57:37 | 000,516,042 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\30wks + 5days Scan.JPG
[2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 18:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 18:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 17:28:35 | 037,977,088 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/18 17:28:34 | 018,449,408 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/18 16:46:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/15 16:07:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/04/08 15:39:25 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\Wedding acceptence.pub
[2011/04/08 15:36:58 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003.lnk
[2011/04/06 11:18:21 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 22:18:54 | 000,151,515 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\hosts.zip
[2011/04/28 22:02:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard LiveUpdate.lnk
[2011/04/28 22:02:20 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/04/28 22:02:20 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard.lnk
[2011/04/28 21:58:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 21:57:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 21:56:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareBlaster.lnk
[2011/04/28 21:39:53 | 000,045,093 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\HP Installation Error - XP.hta
[2011/04/28 21:10:22 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/04/28 21:05:15 | 000,164,678 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/04/28 21:05:15 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2011/04/28 20:53:56 | 000,116,918 | ---- | C] () -- C:\MGlogs.zip
[2011/04/28 20:53:53 | 002,418,162 | ---- | C] () -- C:\MGtools.exe
[2011/04/28 20:26:38 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011/04/28 20:26:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/28 20:22:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/28 20:22:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/28 20:22:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/28 20:22:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/28 20:22:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/28 19:15:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/28 18:50:11 | 205,674,200 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\100_235_PS_AIO_02_Full_NonNet_enu_NB.exe
[2011/04/28 17:00:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 21:44:49 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/27 17:26:37 | 000,015,404 | -HS- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
[2011/04/27 17:26:37 | 000,015,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
[2011/04/27 17:19:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:22:53 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/04/27 16:22:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/27 16:22:12 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/04/27 16:22:11 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/04/27 16:22:09 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/27 16:21:59 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/27 16:21:52 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/27 16:21:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/04/27 16:04:57 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/04/27 16:04:57 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/04/27 16:04:57 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/04/27 16:04:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/04/27 16:04:57 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/04/27 16:04:57 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/04/27 16:04:57 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/04/27 15:05:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Efevuqejak.dat
[2011/04/27 15:05:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Oseyafidac.bin
[2011/04/27 15:03:21 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\ssmyst9.dll
[2011/04/27 15:03:21 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\pifmgr9.dll
[2011/04/27 15:03:21 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\dskquouin.dll
[2011/04/19 15:59:54 | 000,516,042 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\Baby Farenden Jackson 30weeks + 5 Days Scan.JPG
[2011/04/19 15:58:00 | 000,614,424 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\3D Baby Face.JPG
[2011/04/19 15:57:37 | 000,516,042 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\30wks + 5days Scan.JPG
[2011/04/07 16:31:20 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\Wedding acceptence.pub
[2011/04/06 11:18:21 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/16 18:27:18 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/02/16 18:27:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2010/02/16 18:27:11 | 000,005,116 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/02/16 18:27:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2870.bin
[2009/12/04 10:53:59 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/11/27 17:00:05 | 000,077,350 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/10 20:58:29 | 001,354,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/10 15:30:42 | 000,116,840 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/07/10 18:05:34 | 000,000,399 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/26 10:47:22 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/18 10:40:42 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/16 13:20:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/10/12 14:03:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/07 13:07:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Gilli.ini
[2005/10/03 15:59:55 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\FASTWiz.html
[2005/10/03 13:11:39 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2005/10/03 11:47:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/30 11:14:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/30 11:12:33 | 000,083,471 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/09/30 11:12:33 | 000,035,026 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/09/30 11:12:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/09/30 10:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/09/30 10:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/09/30 10:59:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/09/30 10:56:29 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/09/30 10:55:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/30 10:55:03 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/09/30 10:55:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/09/30 10:54:21 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/30 10:20:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/30 10:12:01 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,469,718 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,080,758 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/21 22:29:26 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Jpegpriv.dll
[2000/10/21 22:29:26 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\JpegCode.dll

========== LOP Check ==========

[2011/04/27 21:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/06 11:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/08 11:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/22 08:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/03/02 10:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2008/12/22 12:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/27 13:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/28 21:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/07 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0310DF63-1877-4629-A86D-90A10BD5C548}
[2011/02/05 09:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
[2010/10/25 16:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{49FC035F-4D1B-4459-B8B7-1EF5D11C6BAC}
[2011/03/19 16:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/04/27 17:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Asbiiw
[2011/04/27 16:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Efwya
[2010/02/16 18:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Facebook
[2010/02/14 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\MSNInstaller
[2010/03/02 10:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Nokia
[2011/04/28 18:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Osonov
[2011/04/28 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Oxyc
[2010/06/20 09:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\PC Suite
[2010/10/07 16:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Skinux
[2010/07/21 15:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\VIRGINMEDIATOOLBAR
[2010/02/16 19:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Windows Desktop Search
[2010/07/15 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Windows Search
[2011/04/29 15:33:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2006/05/29 02:33:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disc Defrag.job
[2011/04/29 15:21:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A01C03DB-872A-4DA0-A521-43DC3FA62DC0}.job
[2011/04/29 15:36:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F2CD3050-988F-4A9B-B8A5-396F3AB4127C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by WigglesGRN, 29 April 2011 - 09:07 AM.

#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of these runs can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No CLSID value found.
    O4 - HKCU..\Run: [{C0695248-403D-F9F5-D7F3-EAE9822F2566}] File not found
    O4 - HKCU..\Run: [{EA078DD4-9E1E-380F-5DB8-938D97002912}] File not found
    O4 - HKCU..\Run: [GHWAUC6NNZ] File not found
    O4 - HKCU..\Run: [NtWqIVLZEWZU] File not found
    O4 - HKCU..\Run: [Ulafogaxeyuvasax] File not found
    [2011/04/27 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Osonov
    [2011/04/27 16:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Asbiiw
    [2011/04/27 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Oxyc
    [2011/04/27 15:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Efwya
    [2011/04/27 17:28:55 | 000,015,404 | -HS- | M] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
    [2011/04/27 17:28:55 | 000,015,404 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
    [2011/04/27 17:09:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Efevuqejak.dat
    [2011/04/27 15:05:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Oseyafidac.bin
    [2011/04/27 15:03:25 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\ssmyst9.dll
    [2011/04/27 15:03:25 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\pifmgr9.dll
    [2011/04/27 15:03:24 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\dskquouin.dll

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Gilli\Local Settings\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa
    C:\Documents and Settings\All Users\Application Data\61q6o46e8220c14y4uxr01jg5f00adhtyl0247wa

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
WigglesGRN


    Member

  • Topic Starter
  • Member
  • 13 posts
Currently running the MBAM scan now, although in the second OTL scan I did get the pop-up from Avast about the Malicious URL again, twice. I will check Windows Update after the MBAM scan runs and will post logs in due course.

Again thanks for the help so far

WigglesGRN

#4
WigglesGRN


    Member

  • Topic Starter
  • Member
  • 13 posts
The pop-up about the missing DLL file seems to have stopped (fingers crossed), but the Windows Update issue is still there (Internet Explorer cannot display the webpage).

Thanks for the help so far

WigglesGRN


OK, here are the logs:

OTL:


OTL logfile created on: 29/04/2011 18:53:24 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Gilli\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.67 Gb Free Space | 9.85% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.28 Gb Free Space | 88.14% Space Free | Partition Type: FAT32

Computer Name: PAIRENTSPC | User Name: Gilli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 18:44:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilli\My Documents\Downloads\OTL.exe
PRC - [2011/04/20 16:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/18 18:25:09 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/24 15:26:00 | 001,233,856 | ---- | M] (Simply Super Software) -- C:\Program Files\Trojan Remover\Trjscan.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/04/08 10:34:06 | 001,662,976 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe
PRC - [2009/03/08 05:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/23 11:13:10 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 18:44:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilli\My Documents\Downloads\OTL.exe
MOD - [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/18 18:25:09 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 18:18:45 | 000,102,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 18:17:20 | 000,192,984 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/18 17:49:53 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/12 02:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 02:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/04 16:08:08 | 000,713,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/19 17:00:56 | 000,011,648 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpnucmp.sys -- (HPNUCMP)
DRV - [2006/12/19 17:00:50 | 000,011,136 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2006/12/19 17:00:44 | 000,037,248 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2006/01/19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/10/03 13:18:08 | 000,189,908 | ---- | M] (Zoran Microelectronics Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CoachWdm.sys -- (CoachWdm)
DRV - [2005/02/24 07:20:22 | 002,311,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/05 04:29:30 | 000,121,728 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/25 10:03:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 10:57:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/09 15:47:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/27 21:44:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 21:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/09 15:47:29 | 000,000,000 | ---D | M]

[2011/04/28 21:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gilli\Application Data\Mozilla\Extensions
[2011/04/28 21:57:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/27 21:44:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/02/16 21:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/29 18:46:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1128332850703 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1148978116000 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...er1/xp_mail.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Gilli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gilli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/30 10:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 22:10:16 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{483e6160-d218-11df-9b0e-002275408818}\Shell - "" = AutoRun
O33 - MountPoints2\{483e6160-d218-11df-9b0e-002275408818}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{483e6160-d218-11df-9b0e-002275408818}\Shell\AutoRun\command - "" = F:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 18:46:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 18:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\My Documents\Simply Super Software
[2011/04/29 18:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011/04/29 18:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/04/29 18:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Simply Super Software
[2011/04/29 18:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/04/29 18:17:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gilli\Recent
[2011/04/29 18:12:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/29 18:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/04/29 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/29 18:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/29 17:54:54 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/29 17:54:39 | 000,192,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/29 17:54:37 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/04/29 17:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/04/28 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Desktop\hosts
[2011/04/28 22:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/04/28 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/04/28 22:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\My Documents\Downloads
[2011/04/28 21:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Local Settings\Application Data\Mozilla
[2011/04/28 21:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Mozilla
[2011/04/28 21:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/28 21:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/28 21:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/28 21:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/28 21:47:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/28 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/04/28 20:53:36 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/04/28 20:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/28 20:26:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/28 20:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/28 20:21:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 19:21:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/28 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/28 19:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/28 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/28 17:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/28 17:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 21:44:49 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/27 21:44:49 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/27 21:44:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/27 21:44:46 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/27 21:44:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/27 21:44:45 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/27 21:44:45 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/27 21:44:44 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/27 21:44:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/27 21:44:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/27 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/27 21:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/27 21:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\SUPERAntiSpyware.com
[2011/04/27 20:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/04/27 20:28:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/04/27 17:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 17:19:32 | 000,000,000 | ---D | C] -- C:\fe7425e4a7ef88f65276324cdaaabd
[2011/04/27 17:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/27 16:23:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/04/27 16:23:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/04/27 16:21:27 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/04/27 15:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/27 15:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/27 15:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/27 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/27 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Local Settings\Application Data\{38D68470-C99F-456A-B49C-FB15EF747F88}
[2011/04/06 11:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2011/04/06 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 18:56:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2CD3050-988F-4A9B-B8A5-396F3AB4127C}.job
[2011/04/29 18:54:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A01C03DB-872A-4DA0-A521-43DC3FA62DC0}.job
[2011/04/29 18:52:00 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 18:49:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 18:46:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/29 18:40:26 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/29 18:33:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/04/29 18:18:55 | 000,354,602 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\cc_20110429_181837.reg
[2011/04/29 18:12:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/29 18:07:34 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/04/29 17:54:39 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/29 17:54:01 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/04/29 16:06:00 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/28 22:18:54 | 000,151,515 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\hosts.zip
[2011/04/28 22:03:25 | 205,674,200 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\100_235_PS_AIO_02_Full_NonNet_enu_NB.exe
[2011/04/28 22:02:20 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard LiveUpdate.lnk
[2011/04/28 22:02:20 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/04/28 22:02:20 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard.lnk
[2011/04/28 21:58:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 21:57:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 21:56:16 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareBlaster.lnk
[2011/04/28 21:39:53 | 000,045,093 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\HP Installation Error - XP.hta
[2011/04/28 21:26:15 | 000,164,678 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2011/04/28 21:11:09 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2011/04/28 21:10:22 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/04/28 20:57:23 | 000,116,918 | ---- | M] () -- C:\MGlogs.zip
[2011/04/28 20:26:38 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011/04/28 19:15:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/28 17:04:24 | 000,469,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/28 17:04:24 | 000,080,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 17:00:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/28 16:41:30 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011/04/28 16:32:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/27 21:02:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/27 20:53:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/27 17:51:20 | 002,418,162 | ---- | M] () -- C:\MGtools.exe
[2011/04/27 17:19:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:25:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/27 16:19:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/27 16:19:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/27 16:19:43 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/27 16:17:36 | 000,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/27 14:32:07 | 000,163,633 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/04/26 10:15:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/19 15:59:54 | 000,516,042 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\Baby Farenden Jackson 30weeks + 5 Days Scan.JPG
[2011/04/19 15:58:00 | 000,614,424 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\3D Baby Face.JPG
[2011/04/19 15:57:37 | 000,516,042 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\30wks + 5days Scan.JPG
[2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 18:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 18:18:45 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 18:17:20 | 000,192,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 18:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 17:49:53 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/04/18 17:28:35 | 037,977,088 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/18 17:28:34 | 018,449,408 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/18 16:46:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/15 16:07:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/04/08 15:39:25 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\Wedding acceptence.pub
[2011/04/08 15:36:58 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003.lnk
[2011/04/06 11:18:21 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 18:26:11 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/04/29 18:26:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/04/29 18:26:11 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/04/29 18:26:10 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/04/29 18:18:41 | 000,354,602 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\cc_20110429_181837.reg
[2011/04/29 18:07:35 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/29 18:07:34 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/04/29 17:54:01 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/04/28 22:18:54 | 000,151,515 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\hosts.zip
[2011/04/28 22:02:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard LiveUpdate.lnk
[2011/04/28 22:02:20 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/04/28 22:02:20 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard.lnk
[2011/04/28 21:58:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 21:57:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 21:56:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareBlaster.lnk
[2011/04/28 21:39:53 | 000,045,093 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\HP Installation Error - XP.hta
[2011/04/28 21:10:22 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/04/28 21:05:15 | 000,164,678 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/04/28 21:05:15 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2011/04/28 20:53:56 | 000,116,918 | ---- | C] () -- C:\MGlogs.zip
[2011/04/28 20:53:53 | 002,418,162 | ---- | C] () -- C:\MGtools.exe
[2011/04/28 20:26:38 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011/04/28 20:26:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/28 19:15:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/28 18:50:11 | 205,674,200 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\100_235_PS_AIO_02_Full_NonNet_enu_NB.exe
[2011/04/28 17:00:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 17:19:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:22:53 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/04/27 16:22:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/27 16:22:12 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/04/27 16:22:11 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/04/27 16:22:09 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/27 16:21:59 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/27 16:21:52 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/27 16:21:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/04/27 16:04:57 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/04/27 16:04:57 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/04/27 16:04:57 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/04/27 16:04:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/04/27 16:04:57 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/04/27 16:04:57 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/04/27 16:04:57 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/04/19 15:59:54 | 000,516,042 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\Baby Farenden Jackson 30weeks + 5 Days Scan.JPG
[2011/04/19 15:58:00 | 000,614,424 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\3D Baby Face.JPG
[2011/04/19 15:57:37 | 000,516,042 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\30wks + 5days Scan.JPG
[2011/04/07 16:31:20 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\Wedding acceptence.pub
[2011/04/06 11:18:21 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/16 18:27:18 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/02/16 18:27:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2010/02/16 18:27:11 | 000,005,116 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/02/16 18:27:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2870.bin
[2009/12/04 10:53:59 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/11/27 17:00:05 | 000,077,350 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/10 20:58:29 | 001,354,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/10 15:30:42 | 000,116,840 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/07/10 18:05:34 | 000,000,399 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/26 10:47:22 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/18 10:40:42 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/16 13:20:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/10/12 14:03:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/07 13:07:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Gilli.ini
[2005/10/03 15:59:55 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\FASTWiz.html
[2005/10/03 13:11:39 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2005/10/03 11:47:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/30 11:14:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/30 11:12:33 | 000,083,471 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/09/30 11:12:33 | 000,035,026 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/09/30 11:12:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/09/30 10:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/09/30 10:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/09/30 10:59:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/09/30 10:56:29 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/09/30 10:55:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/30 10:55:03 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/09/30 10:55:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/09/30 10:54:21 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/30 10:20:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/30 10:12:01 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,469,718 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,080,758 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/21 22:29:26 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Jpegpriv.dll
[2000/10/21 22:29:26 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\JpegCode.dll

========== LOP Check ==========

[2011/04/27 21:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/29 18:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/06 11:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/08 11:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/22 08:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/03/02 10:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2008/12/22 12:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/27 13:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/04/29 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/04/28 21:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/07 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0310DF63-1877-4629-A86D-90A10BD5C548}
[2011/02/05 09:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
[2010/10/25 16:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{49FC035F-4D1B-4459-B8B7-1EF5D11C6BAC}
[2011/03/19 16:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/02/16 18:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Facebook
[2010/02/14 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\MSNInstaller
[2010/03/02 10:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Nokia
[2010/06/20 09:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\PC Suite
[2011/04/29 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Simply Super Software
[2010/10/07 16:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Skinux
[2010/07/21 15:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\VIRGINMEDIATOOLBAR
[2010/02/16 19:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Windows Desktop Search
[2010/07/15 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilli\Application Data\Windows Search
[2011/04/29 18:33:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2006/05/29 02:33:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disc Defrag.job
[2011/04/29 18:54:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A01C03DB-872A-4DA0-A521-43DC3FA62DC0}.job
[2011/04/29 18:56:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F2CD3050-988F-4A9B-B8A5-396F3AB4127C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



MBAM log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6474

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/04/2011 19:28:26
mbam-log-2011-04-29 (19-28-26).txt

Scan type: Quick scan
Objects scanned: 245014
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is all visible malware gone, so let's look a tad deeper

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


I see you have also run ComboFix - could I see the log please?

#6
WigglesGRN


    Member

  • Topic Starter
  • Member
  • 13 posts
The ComboFix didn't run properly before, so I have re-run it.

Here is the aswMBR log:

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-30 00:19:14
-----------------------------
00:19:14.984 OS Version: Windows 5.1.2600 Service Pack 3
00:19:14.984 Number of processors: 1 586 0x2C02
00:19:14.984 ComputerName: PAIRENTSPC UserName: Gilli
00:19:22.406 Initialize success
00:19:27.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
00:19:27.406 Disk 0 Vendor: SAMSUNG_HD040GJ WY100-33 Size: 38164MB BusType: 3
00:19:27.406 Device \Driver\atapi -> DriverStartIo 8a11957b
00:19:29.406 Disk 0 MBR read successfully
00:19:29.406 Disk 0 MBR scan
00:19:29.406 Disk 0 TDL4@MBR code has been found
00:19:29.406 Disk 0 MBR hidden
00:19:29.406 Disk 0 MBR [TDL4] **ROOTKIT**
00:19:29.406 Disk 0 trace - called modules:
00:19:29.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a119730]<<
00:19:29.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a189ab8]
00:19:29.421 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a1cd9e8]
00:19:29.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a1b2d98]
00:19:29.421 \Driver\atapi[0x8a15e6b0] -> IRP_MJ_CREATE -> 0x8a119730
00:19:29.437 Scan finished successfully
00:20:01.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gilli\Desktop\MBR.dat"
00:20:01.593 The log file has been saved successfully to "C:\Documents and Settings\Gilli\Desktop\aswMBR.txt"


ComboFix log:

ComboFix 11-04-29.02 - Gilli 30/04/2011 1:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.722 [GMT 1:00]
Running from: c:\documents and settings\Gilli\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-29 18:37 . 2011-04-29 18:37 -------- d-----w- c:\documents and settings\Jess\Application Data\Malwarebytes
2011-04-29 17:46 . 2011-04-29 17:46 -------- dc----w- C:\_OTL
2011-04-29 17:26 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-04-29 17:26 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-04-29 17:26 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-04-29 17:26 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-04-29 17:26 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-04-29 17:26 . 2011-04-29 17:26 -------- d-----w- c:\program files\Trojan Remover
2011-04-29 17:26 . 2011-04-29 17:26 -------- d-----w- c:\documents and settings\Gilli\Application Data\Simply Super Software
2011-04-29 17:26 . 2011-04-29 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2011-04-29 17:12 . 2011-04-29 17:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-29 17:07 . 2011-04-29 17:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-29 17:07 . 2011-04-29 17:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-29 17:07 . 2011-04-29 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-29 16:54 . 2011-04-18 17:18 102232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-04-29 16:54 . 2011-04-18 17:17 192984 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-04-29 16:54 . 2011-04-18 16:49 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-04-28 21:32 . 2011-04-28 21:32 -------- d-----w- c:\documents and settings\Administrator.PAIRENTSPC.002\Local Settings\Application Data\Mozilla
2011-04-28 21:02 . 2011-04-28 21:03 -------- d-----w- c:\program files\SpywareGuard
2011-04-28 20:58 . 2011-04-28 20:58 -------- d-----w- c:\documents and settings\Gilli\Local Settings\Application Data\Mozilla
2011-04-28 20:56 . 2011-04-30 00:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-28 20:56 . 2011-04-30 00:02 -------- d-----w- c:\program files\SpywareBlaster
2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-04-28 20:06 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll
2011-04-28 20:06 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll
2011-04-28 20:06 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll
2011-04-28 20:06 . 2007-11-02 02:28 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2011-04-28 20:06 . 2007-11-02 02:28 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-04-28 19:57 . 2011-04-28 19:57 -------- d-----w- c:\documents and settings\Administrator.PAIRENTSPC.002\Local Settings\Application Data\ApplicationHistory
2011-04-28 19:53 . 2011-04-27 16:51 2418162 -c--a-w- C:\MGtools.exe
2011-04-28 19:53 . 2011-04-28 19:57 -------- dc----w- C:\MGTools
2011-04-28 18:15 . 2011-04-28 18:15 -------- d-----w- c:\program files\CCleaner
2011-04-28 16:28 . 2011-04-28 16:28 -------- d-sh--w- c:\documents and settings\Administrator.PAIRENTSPC.002\IECompatCache
2011-04-28 16:28 . 2011-04-28 16:28 -------- d-sh--w- c:\documents and settings\Administrator.PAIRENTSPC.002\PrivacIE
2011-04-28 16:24 . 2011-04-28 16:24 -------- d-sh--w- c:\documents and settings\Administrator.PAIRENTSPC.002\IETldCache
2011-04-28 16:00 . 2011-04-28 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 20:44 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-27 20:44 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-27 20:44 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-27 20:44 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-27 20:44 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-27 20:44 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-27 20:44 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-27 20:44 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-27 20:44 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-27 20:44 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-27 20:44 . 2011-04-27 20:44 -------- d-----w- c:\program files\AVAST Software
2011-04-27 20:44 . 2011-04-27 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-27 20:10 . 2011-04-27 20:10 -------- d-----w- c:\documents and settings\Gilli\Application Data\SUPERAntiSpyware.com
2011-04-27 19:43 . 2008-04-14 04:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-04-27 19:43 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-04-27 16:59 . 2011-04-27 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-27 16:59 . 2011-04-27 16:59 -------- d-----w- c:\documents and settings\Administrator.PAIRENTSPC.002\Application Data\SUPERAntiSpyware.com
2011-04-27 16:37 . 2011-04-27 16:37 -------- d-----w- c:\documents and settings\Administrator.PAIRENTSPC.002\Application Data\Malwarebytes
2011-04-27 16:19 . 2011-04-27 16:19 -------- dc----w- C:\fe7425e4a7ef88f65276324cdaaabd
2011-04-27 15:22 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2011-04-27 15:21 . 2008-04-14 04:39 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-04-27 15:20 . 2001-08-17 21:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-04-27 15:18 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-04-27 15:18 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-04-27 15:05 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-04-27 15:05 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-04-27 15:05 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-04-27 15:05 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-04-27 14:14 . 2011-04-28 16:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-27 14:05 . 2011-04-28 19:37 -------- d-----w- c:\documents and settings\Gilli\Local Settings\Application Data\{38D68470-C99F-456A-B49C-FB15EF747F88}
2011-04-14 02:39 . 2011-04-14 02:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-06 10:18 . 2011-04-06 10:18 -------- d-----w- c:\program files\Common Files\PCSuite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:41 . 2011-04-28 20:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"F5D8055v2"="c:\program files\Belkin\F5D8055\v2\Belkinwcui.exe" [2009-04-08 1662976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-04-29 6449984]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Gilli\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
.
R1 MpKsl17dc63a5;MpKsl17dc63a5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2243CBC7-C3C6-4332-A7D2-E9B51145E63A}\MpKsl17dc63a5.sys [x]
R1 MpKsl2c40522c;MpKsl2c40522c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45A1B101-5CB8-4C99-A2F4-58CFE3B686E2}\MpKsl2c40522c.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-04-18 121000]
R2 CoachWdm;Samsung Digimax 210SE Camera;c:\windows\system32\Drivers\CoachWdm.sys [2005-10-03 189908]
R3 HPNUCMP;HP NUSB Composite;c:\windows\system32\DRIVERS\hpnucmp.sys [2006-12-19 11648]
R3 RTLWUSB;Wireless Adapter;c:\windows\system32\DRIVERS\hpl8187.sys [x]
R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [x]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-04-18 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk; [x]
S3 hpnuhst;HP NUSB Host;c:\windows\system32\DRIVERS\hpnuhst.sys [2006-12-19 11136]
S3 HPNUHUB;HP NUSB Hub;c:\windows\system32\DRIVERS\hpnuhub.sys [2006-12-19 37248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2006-05-29 c:\windows\Tasks\Disc Defrag.job
- c:\windows\system32\defrag.exe [2004-08-04 04:42]
.
2011-04-29 c:\windows\Tasks\User_Feed_Synchronization-{A01C03DB-872A-4DA0-A521-43DC3FA62DC0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
2011-04-29 c:\windows\Tasks\User_Feed_Synchronization-{F2CD3050-988F-4A9B-B8A5-396F3AB4127C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
FF - ProfilePath - c:\documents and settings\Gilli\Application Data\Mozilla\Firefox\Profiles\v12a45mz.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 01:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD040GJ rev.WY100-33 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A11957B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1324)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-30 01:27:36
ComboFix-quarantined-files.txt 2011-04-30 00:27
ComboFix2.txt 2011-04-30 00:01
.
Pre-Run: 3,856,601,088 bytes free
Post-Run: 3,866,509,312 bytes free
.
- - End Of File - - 8F5939998F320DADEFD8B57DC31A3800

#7
WigglesGRN


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I am also getting redirects on pages, i.e. going to http://www.kuluey.com/ and the like when I don't even open a search page.

Another update: it seems I had the Rootkit.Win32.TDSS running too, which none of the other scans picked up, so I used http://support.kaspe...uses/rescuedisk via a USB flash drive to clean it, and when it rebooted Windows reinstalled a driver for my hard drive. Also, I have tried http://support.microsoft.com/kb/971058 to reset my Windows Update and it seems to have reset it to a working state. I will update ongoing.

Edited by WigglesGRN, 29 April 2011 - 08:38 PM.


#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, aswMBR showed TDL4 - you could have used that to cure it (my next step)

What are your current problems?

#9
WigglesGRN


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Multi post ... please nuke

Edited by WigglesGRN, 30 April 2011 - 05:59 AM.


#10
WigglesGRN


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
aswMBR did have a problem that could be "fixed" so I did that, but I also ran the Rescue Disc and that found another rootkit, which was cleaned outside of the Windows OS via the Linux-based Rescue Disc. Currently I cannot see any problems: no redirects (touch wood) and no pop-ups saying about invalid DLLs. Just finishing off the Windows updates that were missed. Do you want an OTL log to go over to check?

WigglesGRN


#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please. What was the rootkit found? If it was related to the TDL then aswMBR would have fixed that as well

#12
WigglesGRN


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Rootkit.Win32.TDSS was the rootkit found via the Kaspersky rescue disc. After running aswMBR it found and cleaned one, but I rebooted and still could not access update etc., so I decided to run the Kaspersky rescue disc on a hunch and the fact that it was 4am and I was getting frustrated with the system. I guess that paid off as it found the TDSS kit and cleaned it. The strange thing was that I could not use the TDSS killer app from Kaspersky; it would crash at 80%, so that is what made me think about doing a scan outside of Windows.

Another curious thing: I could not post to this forum, or indeed anything that required editing a file, before, but now I can ... strange, huh?

OTL Log:

OTL logfile created on: 30/04/2011 13:08:20 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Gilli\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.37 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: PAIRENTSPC | User Name: Gilli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 18:44:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilli\My Documents\Downloads\OTL.exe
PRC - [2011/04/20 16:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/18 18:25:09 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010/05/11 11:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/04/08 10:34:06 | 001,662,976 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/23 11:13:10 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 18:44:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilli\My Documents\Downloads\OTL.exe
MOD - [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/18 18:25:09 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 18:18:45 | 000,102,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 18:17:20 | 000,192,984 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/18 17:49:53 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/10/26 04:12:36 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/10/26 03:39:24 | 000,325,120 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/04 16:08:08 | 000,713,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/19 17:00:56 | 000,011,648 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpnucmp.sys -- (HPNUCMP)
DRV - [2006/12/19 17:00:50 | 000,011,136 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2006/12/19 17:00:44 | 000,037,248 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2006/01/19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/10/03 13:18:08 | 000,189,908 | ---- | M] (Zoran Microelectronics Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CoachWdm.sys -- (CoachWdm)
DRV - [2005/02/24 07:20:22 | 002,311,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/05 04:29:30 | 000,121,728 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/25 10:03:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 10:57:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/09 15:47:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/27 21:44:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 21:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/09 15:47:29 | 000,000,000 | ---D | M]

[2011/04/28 21:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gilli\Application Data\Mozilla\Extensions
[2011/04/28 21:57:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/27 21:44:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/02/16 21:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1128332850703 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1148978116000 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...er1/xp_mail.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Gilli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gilli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/30 10:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 04:44:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/04/30 04:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/04/30 04:44:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/04/30 04:42:12 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/04/30 03:52:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/04/30 03:52:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/04/30 03:52:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/04/30 03:52:01 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/04/30 03:51:59 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/04/30 03:51:41 | 000,455,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/04/30 03:49:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/04/30 03:49:25 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/04/30 03:49:12 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/04/30 03:48:58 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/04/30 03:48:58 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/04/30 03:48:50 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/04/30 03:47:52 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/04/30 03:47:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/04/30 03:44:55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/04/30 03:44:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/04/30 03:44:50 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/04/30 03:44:17 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/04/30 03:40:59 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/04/30 03:40:58 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/04/30 03:40:58 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/04/30 03:40:57 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/04/30 03:40:11 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/04/30 03:39:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/04/30 03:39:04 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/04/30 03:39:01 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/04/30 03:12:30 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/04/30 02:02:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/30 01:04:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/30 00:33:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/30 00:33:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/30 00:33:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/30 00:33:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/29 18:46:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 18:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\My Documents\Simply Super Software
[2011/04/29 18:17:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gilli\Recent
[2011/04/29 18:12:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/29 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/29 18:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/29 17:54:54 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/29 17:54:39 | 000,192,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/29 17:54:37 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/04/29 17:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/04/28 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Desktop\hosts
[2011/04/28 22:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/04/28 22:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/04/28 22:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\My Documents\Downloads
[2011/04/28 21:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Local Settings\Application Data\Mozilla
[2011/04/28 21:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\Mozilla
[2011/04/28 21:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/28 21:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/28 21:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/28 21:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/28 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/04/28 21:06:36 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotiop5.dll
[2011/04/28 21:06:36 | 000,729,088 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax5.dll
[2011/04/28 21:06:36 | 000,364,544 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2011/04/28 21:06:36 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/04/28 21:06:36 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst12.dll
[2011/04/28 20:53:36 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/04/28 20:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/28 20:26:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/28 20:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/28 20:21:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 19:21:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/28 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/28 19:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/28 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/28 17:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/28 17:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 21:44:49 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/27 21:44:49 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/27 21:44:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/27 21:44:46 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/27 21:44:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/27 21:44:45 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/27 21:44:45 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/27 21:44:44 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/27 21:44:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/27 21:44:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/27 21:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/27 21:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/27 21:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Application Data\SUPERAntiSpyware.com
[2011/04/27 20:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/04/27 20:43:08 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/04/27 20:43:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/04/27 20:28:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/04/27 17:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 17:19:32 | 000,000,000 | ---D | C] -- C:\fe7425e4a7ef88f65276324cdaaabd
[2011/04/27 17:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/27 16:23:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/04/27 16:23:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/04/27 16:23:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/04/27 16:23:42 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/04/27 16:23:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/04/27 16:23:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/04/27 16:23:40 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/04/27 16:23:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/04/27 16:23:37 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/04/27 16:23:36 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/04/27 16:23:36 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/04/27 16:23:29 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/04/27 16:23:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/04/27 16:23:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/04/27 16:23:25 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/04/27 16:23:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/04/27 16:23:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/04/27 16:23:24 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/04/27 16:23:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/04/27 16:23:24 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/04/27 16:23:24 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/04/27 16:23:23 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/04/27 16:23:20 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/04/27 16:23:17 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/04/27 16:23:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/04/27 16:23:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/04/27 16:23:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/04/27 16:23:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/04/27 16:23:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/04/27 16:23:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/04/27 16:23:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/04/27 16:23:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/04/27 16:23:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/04/27 16:23:14 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/04/27 16:23:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/04/27 16:23:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/04/27 16:23:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/04/27 16:23:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/04/27 16:23:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/04/27 16:23:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/04/27 16:23:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/04/27 16:23:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/04/27 16:23:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/04/27 16:23:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/04/27 16:23:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/04/27 16:23:05 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/04/27 16:23:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/04/27 16:23:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/04/27 16:23:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/04/27 16:22:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/04/27 16:22:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/04/27 16:22:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/04/27 16:22:56 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/04/27 16:22:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/04/27 16:22:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/04/27 16:22:54 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/04/27 16:22:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/04/27 16:22:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/04/27 16:22:53 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/04/27 16:22:53 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/04/27 16:22:53 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/04/27 16:22:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/04/27 16:22:52 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/04/27 16:22:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/04/27 16:22:51 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/04/27 16:22:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/04/27 16:22:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/04/27 16:22:41 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/04/27 16:22:35 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/04/27 16:22:35 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/04/27 16:22:26 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/04/27 16:22:26 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/04/27 16:22:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/04/27 16:22:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/04/27 16:22:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/04/27 16:22:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/04/27 16:22:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/04/27 16:22:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/04/27 16:22:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/04/27 16:22:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/04/27 16:22:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/04/27 16:22:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/04/27 16:22:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/04/27 16:22:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/04/27 16:22:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/04/27 16:22:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/04/27 16:22:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/04/27 16:22:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/04/27 16:22:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/04/27 16:22:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/04/27 16:22:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/04/27 16:22:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/04/27 16:22:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/04/27 16:22:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/04/27 16:22:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/04/27 16:22:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/04/27 16:22:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/04/27 16:22:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/04/27 16:22:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/04/27 16:22:15 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/04/27 16:22:12 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/04/27 16:22:12 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/04/27 16:22:12 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/04/27 16:22:12 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/04/27 16:22:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/04/27 16:22:11 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/04/27 16:22:11 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/04/27 16:22:11 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/04/27 16:22:11 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/04/27 16:22:11 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/04/27 16:22:11 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/04/27 16:22:10 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/04/27 16:22:10 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/04/27 16:22:10 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/04/27 16:22:10 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/04/27 16:22:10 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/04/27 16:22:09 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/04/27 16:22:09 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/04/27 16:22:09 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/04/27 16:22:09 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/04/27 16:22:09 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/04/27 16:22:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/04/27 16:22:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/04/27 16:22:03 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/04/27 16:21:56 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/04/27 16:21:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/04/27 16:21:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/04/27 16:21:50 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/04/27 16:21:48 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/04/27 16:21:48 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/04/27 16:21:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/04/27 16:21:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/04/27 16:21:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/04/27 16:21:44 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/04/27 16:21:44 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/04/27 16:21:44 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/04/27 16:21:44 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/04/27 16:21:36 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/04/27 16:21:34 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/04/27 16:21:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/04/27 16:21:31 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/04/27 16:21:31 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/04/27 16:21:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/04/27 16:21:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/04/27 16:21:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/04/27 16:21:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/04/27 16:21:29 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/04/27 16:21:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/04/27 16:21:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/04/27 16:21:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/04/27 16:21:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/04/27 16:21:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/04/27 16:21:27 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/04/27 16:21:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/04/27 16:21:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/04/27 16:21:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/04/27 16:20:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/04/27 16:18:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/04/27 16:05:11 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/04/27 16:05:11 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/04/27 16:05:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/04/27 16:05:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/04/27 15:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/27 15:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/27 15:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/27 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/27 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilli\Local Settings\Application Data\{38D68470-C99F-456A-B49C-FB15EF747F88}
[2011/04/06 11:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2011/04/06 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 13:11:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2CD3050-988F-4A9B-B8A5-396F3AB4127C}.job
[2011/04/30 13:05:56 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/04/30 12:58:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 12:52:17 | 000,509,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 12:52:17 | 000,089,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 12:33:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/04/30 11:08:33 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A01C03DB-872A-4DA0-A521-43DC3FA62DC0}.job
[2011/04/30 05:00:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 04:46:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 04:41:58 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/30 04:41:58 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/30 04:40:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/30 04:30:39 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/30 01:44:21 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/30 00:29:56 | 004,333,524 | R--- | M] () -- C:\Documents and Settings\Gilli\Desktop\ComboFix.exe
[2011/04/29 18:18:55 | 000,354,602 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\cc_20110429_181837.reg
[2011/04/29 18:12:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/29 17:54:39 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/29 17:54:01 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/04/28 22:18:54 | 000,151,515 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\hosts.zip
[2011/04/28 22:03:25 | 205,674,200 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\100_235_PS_AIO_02_Full_NonNet_enu_NB.exe
[2011/04/28 22:02:20 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard LiveUpdate.lnk
[2011/04/28 22:02:20 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/04/28 22:02:20 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard.lnk
[2011/04/28 21:58:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 21:57:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 21:56:16 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\SpywareBlaster.lnk
[2011/04/28 21:39:53 | 000,045,093 | ---- | M] () -- C:\Documents and Settings\Gilli\Desktop\HP Installation Error - XP.hta
[2011/04/28 21:26:15 | 000,164,678 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2011/04/28 21:11:09 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2011/04/28 21:10:22 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/04/28 20:57:23 | 000,116,918 | ---- | M] () -- C:\MGlogs.zip
[2011/04/28 20:26:38 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011/04/28 19:15:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/28 17:00:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/28 16:41:30 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011/04/28 16:32:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/27 21:02:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/27 17:51:20 | 002,418,162 | ---- | M] () -- C:\MGtools.exe
[2011/04/27 17:19:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:25:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/27 16:19:43 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/27 16:17:36 | 000,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/27 14:32:07 | 000,163,633 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/04/26 10:15:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/19 15:59:54 | 000,516,042 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\Baby Farenden Jackson 30weeks + 5 Days Scan.JPG
[2011/04/19 15:58:00 | 000,614,424 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\3D Baby Face.JPG
[2011/04/19 15:57:37 | 000,516,042 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\30wks + 5days Scan.JPG
[2011/04/18 18:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 18:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 18:18:45 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 18:17:20 | 000,192,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 18:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 17:49:53 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/04/18 17:28:35 | 037,977,088 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/18 17:28:34 | 018,449,408 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/18 16:46:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/08 15:39:25 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Gilli\My Documents\Wedding acceptence.pub
[2011/04/08 15:36:58 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003.lnk
[2011/04/06 11:18:21 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 04:38:40 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/04/30 03:20:32 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 00:33:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 00:33:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 00:33:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 00:33:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/30 00:33:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 00:30:10 | 004,333,524 | R--- | C] () -- C:\Documents and Settings\Gilli\Desktop\ComboFix.exe
[2011/04/29 18:18:41 | 000,354,602 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\cc_20110429_181837.reg
[2011/04/29 18:07:35 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/29 17:54:01 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/04/28 22:18:54 | 000,151,515 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\hosts.zip
[2011/04/28 22:02:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard LiveUpdate.lnk
[2011/04/28 22:02:20 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Gilli\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/04/28 22:02:20 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareGuard.lnk
[2011/04/28 21:58:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 21:57:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Gilli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 21:57:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 21:56:16 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\SpywareBlaster.lnk
[2011/04/28 21:39:53 | 000,045,093 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\HP Installation Error - XP.hta
[2011/04/28 21:10:22 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2011/04/28 21:05:15 | 000,164,678 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2011/04/28 21:05:15 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2011/04/28 20:53:56 | 000,116,918 | ---- | C] () -- C:\MGlogs.zip
[2011/04/28 20:53:53 | 002,418,162 | ---- | C] () -- C:\MGtools.exe
[2011/04/28 20:26:38 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011/04/28 20:26:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/28 19:15:23 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/28 18:50:11 | 205,674,200 | ---- | C] () -- C:\Documents and Settings\Gilli\Desktop\100_235_PS_AIO_02_Full_NonNet_enu_NB.exe
[2011/04/28 17:00:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 17:19:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:22:53 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/04/27 16:22:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/27 16:22:12 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/04/27 16:22:11 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/04/27 16:22:09 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/27 16:21:59 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/27 16:21:52 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/27 16:21:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/04/27 16:04:57 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/04/27 16:04:57 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/04/27 16:04:57 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/04/27 16:04:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/04/27 16:04:57 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/04/27 16:04:57 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/04/27 16:04:57 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/04/19 15:59:54 | 000,516,042 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\Baby Farenden Jackson 30weeks + 5 Days Scan.JPG
[2011/04/19 15:58:00 | 000,614,424 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\3D Baby Face.JPG
[2011/04/19 15:57:37 | 000,516,042 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\30wks + 5days Scan.JPG
[2011/04/07 16:31:20 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Gilli\My Documents\Wedding acceptence.pub
[2011/04/06 11:18:21 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/16 18:27:18 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/02/16 18:27:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2010/02/16 18:27:11 | 000,005,116 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/02/16 18:27:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2870.bin
[2009/12/04 10:53:59 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/11/27 17:00:05 | 000,077,350 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/10 20:58:29 | 001,354,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/10 15:30:42 | 000,116,840 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/07/10 18:05:34 | 000,000,399 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/26 10:47:22 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/18 10:40:42 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/16 13:20:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/10/12 14:03:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/07 13:07:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Gilli.ini
[2005/10/03 15:59:55 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Gilli\Local Settings\Application Data\FASTWiz.html
[2005/10/03 13:11:39 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2005/10/03 11:47:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/30 11:14:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/30 11:12:33 | 000,083,471 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/09/30 11:12:33 | 000,035,026 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/09/30 11:12:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/09/30 10:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/09/30 10:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/09/30 10:59:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/09/30 10:56:29 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/09/30 10:55:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/30 10:55:03 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/09/30 10:55:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/09/30 10:54:21 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/30 10:20:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/30 10:12:01 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,509,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,089,006 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/21 22:29:26 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Jpegpriv.dll
[2000/10/21 22:29:26 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\JpegCode.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by WigglesGRN, 30 April 2011 - 06:17 AM.


#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Funnily enough I have just been discussing this variant with GMER and he has released a new version that should work.

The log looks good - any further problems before I remove my tools and tidy you up?

#14
WigglesGRN


    Member

  • Topic Starter
  • Member
  • 13 posts
Nope, no problems that I can see :) Thank you for your help

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)