google redirects and more



#1
dumbum

  • Member
  • 72 posts
Hi... I'm getting the Google redirects, and the "more" is virus blocking (warning: harmful to your computer)? I don't know, though, because when I hit the back button I get the page I'm searching for. This happens for both problems.
I'm using XP with Avast, Spybot and SUPERAntiSpyware. I have followed the removal guides here and all scans find nothing. I have also run these scans while in safe mode and nothing is found. The Avast boot scan also has not cured it. As in your tutorial, here is the OTL notepad info. Another box opened, "extra.txe-notepad", which is also here. I was using Microsoft Security when first infected and changed over to Avast; that took care of the security virus, I think? But the redirect stayed... Thanks.


OTL logfile created on: 7/12/2011 1:04:51 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.84% Memory free
3.81 Gb Paging File | 3.12 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 210.51 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.20 Gb Free Space | 29.41% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDE1DFDEAA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/03 22:06:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 21:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/08 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
PRC - [2004/11/03 17:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe
PRC - [2004/11/03 17:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe
PRC - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/18 20:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/03/02 23:24:50 | 005,576,704 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe


========== Modules (SafeList) ==========

MOD - [2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/03 22:06:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/25 22:00:46 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2011/04/03 22:04:52 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/02/24 18:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/02/23 13:58:26 | 000,167,808 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/23 10:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 13:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 13:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 20:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4010

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/06/29 20:46:47 | 000,002,791 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 93.174.89.10 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 93.174.89.10 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 93.174.89.10 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 93.174.89.10 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 93.174.89.10 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 93.174.89.10 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 93.174.89.10 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 93.174.89.10 www.google.nl
O1 - Hosts: 178.17.165.3 www.google.nl
O1 - Hosts: 28 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [showwnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst_current.cab (YInstStarter Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1301889089265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} https://carelink.min...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 19:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 01:00:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
[2011/07/11 23:04:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Recent
[2011/07/10 18:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller
[2011/07/09 17:48:26 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/09 17:48:26 | 000,398,760 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/09 17:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/07/09 17:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/07/07 09:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/05 01:39:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/05 01:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/05 01:38:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/05 01:38:10 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/05 01:38:08 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/05 01:38:07 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/05 01:38:07 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/05 01:38:05 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/05 01:38:05 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/05 01:38:05 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/05 01:37:27 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/05 01:37:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\Help
[2011/07/04 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Help
[2011/07/04 22:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Start Menu\Programs\CleanUp!
[2011/07/04 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/07/04 21:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/04 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/04 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/03 22:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
[2011/07/03 22:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet
[2011/07/02 05:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
[2011/07/01 08:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\SUPERAntiSpyware.com
[2011/07/01 08:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/01 08:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/01 08:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/01 08:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2011/07/01 08:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/19 12:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
[2011/06/18 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/18 20:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
[2011/07/11 22:45:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job
[2011/07/11 09:41:02 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/10 19:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/10 18:41:36 | 2112,344,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/09 22:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/09 22:02:51 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller.zip
[2011/07/09 17:48:26 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/09 17:48:26 | 000,398,760 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/08 15:25:20 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\Untitled Document.wps
[2011/07/08 15:25:20 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\wklnhst.dat
[2011/07/07 22:50:43 | 000,174,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/07 09:49:21 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\ntuser.bak
[2011/07/05 01:40:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/05 01:38:12 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/05 01:38:06 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 01:18:12 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/04 21:59:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 21:59:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\Spybot - Search & Destroy.lnk
[2011/07/04 13:30:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 11:59:04 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/03 11:59:04 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/02 05:15:39 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\housecall.guid.cache
[2011/07/01 08:57:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 00:13:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/29 22:27:35 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/29 21:10:39 | 001,030,075 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_39_00010cfb.dmp
[2011/06/29 21:10:32 | 001,028,887 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_30_0000ed8c.dmp
[2011/06/29 21:10:07 | 000,996,371 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_05_00006409.dmp
[2011/06/29 20:46:47 | 000,002,791 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182332.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110711-230700.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110709-195805.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110709-195555.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182528.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182421.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/27 11:14:43 | 001,153,024 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\shower 3.wps
[2011/06/26 14:49:07 | 000,734,720 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower 2.wps
[2011/06/23 15:01:50 | 000,512,000 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower.wps
[2011/06/18 20:18:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/15 23:10:00 | 000,441,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 23:10:00 | 000,071,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/10 18:39:18 | 2112,344,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 22:02:41 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller.zip
[2011/07/08 21:01:45 | 000,041,746 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\obama_20eco_car.jpg
[2011/07/08 15:25:20 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\Untitled Document.wps
[2011/07/05 01:38:12 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 21:59:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 21:59:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\Spybot - Search & Destroy.lnk
[2011/07/02 05:15:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\housecall.guid.cache
[2011/07/01 08:57:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/29 21:10:39 | 001,030,075 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_39_00010cfb.dmp
[2011/06/29 21:10:30 | 001,028,887 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_30_0000ed8c.dmp
[2011/06/29 21:10:05 | 000,996,371 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_05_00006409.dmp
[2011/06/27 10:58:32 | 001,153,024 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\shower 3.wps
[2011/06/26 12:33:49 | 000,734,720 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower 2.wps
[2011/06/25 16:51:38 | 007,077,888 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\ntuser.bak
[2011/06/23 14:46:02 | 000,512,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower.wps
[2011/06/18 20:18:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/18 20:18:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/21 06:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/21 06:43:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/15 20:17:38 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/04/15 20:17:38 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/04/15 20:17:38 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/04/15 20:17:38 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/04/15 20:17:38 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/04/15 20:17:38 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/04/15 20:17:38 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/04/15 20:17:38 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/04/15 20:17:38 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/04/15 20:17:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/04/15 20:17:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/04/15 20:17:38 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/04/15 20:17:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/04/15 20:17:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/04/15 20:17:38 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/04/15 20:17:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/04/13 21:37:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2011/04/06 09:24:15 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\wklnhst.dat
[2011/04/03 22:06:57 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2011/04/03 22:04:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/03 22:03:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/03 22:02:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/04/03 21:58:02 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe
[2011/04/03 21:58:02 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2011/04/03 21:58:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2011/04/03 21:58:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2011/04/03 21:58:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2011/04/03 21:58:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2011/04/03 21:58:02 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2011/04/03 21:58:02 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2011/04/03 20:40:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/09/11 14:56:05 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/09/11 14:56:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/09/11 14:56:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/09/11 14:56:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/09/11 14:56:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/09/11 14:56:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/09/11 14:56:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/09/11 14:56:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/09/11 14:55:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/09/11 14:55:56 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/09/11 14:55:55 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/09/11 14:54:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 12:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 21:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 21:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 19:49:16 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 19:48:21 | 000,441,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 19:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 19:48:21 | 000,071,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 19:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 19:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 19:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 19:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 19:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 19:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 19:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 19:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 13:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 12:59:39 | 000,174,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/04/04 06:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ElevatedDiagnostics
[2011/06/19 12:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
[2011/07/03 22:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
[2011/07/02 05:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
[2011/04/03 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\SampleView
[2011/04/06 09:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Template
[2011/07/05 01:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/25 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medtronic
[2011/04/03 22:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/03 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/09 22:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/11 22:45:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/12/2011 1:04:51 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.84% Memory free
3.81 Gb Paging File | 3.12 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 210.51 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.20 Gb Free Space | 29.41% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDE1DFDEAA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{095C4517-3E7A-4C70-A981-7146CFAD4D39}" = Dual Mode Digital Camera 3.0M
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C661DEF-3F08-468D-B5CE-B37E4771B5D2}" = MSN Toolbar
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2011 9:12:40 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket -1805260676.

Error - 6/29/2011 10:15:11 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msvcr90.dll, version 9.0.30729.6161, fault address 0x000375b4.

Error - 6/29/2011 10:15:25 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket -1805260676.

Error - 7/4/2011 1:10:29 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.9.584, faulting module
unknown, version 0.0.0.0, fault address 0x01957a77.

Error - 7/4/2011 1:10:36 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket 349897920.

Error - 7/8/2011 2:21:41 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.0.534, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2011 2:22:29 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2011 2:22:32 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/9/2011 8:03:59 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/9/2011 8:04:03 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1001
Description = Fault bucket -1784725119.

[ System Events ]
Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip

Error - 7/10/2011 6:37:34 PM | Computer Name = YOUR-BDE1DFDEAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 6:39:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/10/2011 7:02:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/11/2011 9:14:58 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.

Error - 7/11/2011 12:31:07 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 7/11/2011 4:06:34 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.

Error - 7/11/2011 9:27:00 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.


< End of report >

#2
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi.. I'm getting the Google redirects and the more is virus blocking (warning harmful to your computer)? I don't know though, because when I hit the back button I get the page I'm searching for.. this happens for both problems.
I'm using XP with Avast and Spybot and SUPERAntiSpyware.. I have followed the removal guides here and all scans find nothing.. I have also run these scans while in safe mode and nothing is found.. Avast boot scan also has not cured it. As in your tutorial, here is the OTL notepad info.. also another box opened, "extra.txe-notepad", is also here... I was using Microsoft Security when first infected and changed over to Avast; that took care of the security virus.. I think? But the redirect stayed... thanks


OTL logfile created on: 7/12/2011 1:04:51 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.84% Memory free
3.81 Gb Paging File | 3.12 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 210.51 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.20 Gb Free Space | 29.41% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDE1DFDEAA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/03 22:06:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 21:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/08 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
PRC - [2004/11/03 17:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe
PRC - [2004/11/03 17:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe
PRC - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/18 20:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/03/02 23:24:50 | 005,576,704 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe


========== Modules (SafeList) ==========

MOD - [2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/03 22:06:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/25 22:00:46 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2011/04/03 22:04:52 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/02/24 18:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/02/23 13:58:26 | 000,167,808 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/23 10:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 13:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 13:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 20:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4010

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/06/29 20:46:47 | 000,002,791 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 93.174.89.10 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 93.174.89.10 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 93.174.89.10 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 93.174.89.10 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 93.174.89.10 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 93.174.89.10 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 93.174.89.10 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 93.174.89.10 www.google.nl
O1 - Hosts: 178.17.165.3 www.google.nl
O1 - Hosts: 28 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [showwnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst_current.cab (YInstStarter Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1301889089265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} https://carelink.min...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 19:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 01:00:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
[2011/07/11 23:04:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Recent
[2011/07/10 18:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller
[2011/07/09 17:48:26 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/09 17:48:26 | 000,398,760 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/09 17:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/07/09 17:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/07/07 09:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/05 01:39:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/05 01:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/05 01:38:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/05 01:38:10 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/05 01:38:08 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/05 01:38:07 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/05 01:38:07 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/05 01:38:05 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/05 01:38:05 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/05 01:38:05 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/05 01:37:27 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/05 01:37:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\Help
[2011/07/04 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Help
[2011/07/04 22:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Start Menu\Programs\CleanUp!
[2011/07/04 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/07/04 21:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/04 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/04 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/03 22:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
[2011/07/03 22:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet
[2011/07/02 05:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
[2011/07/01 08:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\SUPERAntiSpyware.com
[2011/07/01 08:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/01 08:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/01 08:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/01 08:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2011/07/01 08:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/19 12:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
[2011/06/18 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/18 20:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
[2011/07/11 22:45:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job
[2011/07/11 09:41:02 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/10 19:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/10 18:41:36 | 2112,344,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/09 22:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/09 22:02:51 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller.zip
[2011/07/09 17:48:26 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/09 17:48:26 | 000,398,760 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/08 15:25:20 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\Untitled Document.wps
[2011/07/08 15:25:20 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\wklnhst.dat
[2011/07/07 22:50:43 | 000,174,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/07 09:49:21 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\ntuser.bak
[2011/07/05 01:40:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/05 01:38:12 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/05 01:38:06 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 01:18:12 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/04 21:59:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 21:59:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\Spybot - Search & Destroy.lnk
[2011/07/04 13:30:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 11:59:04 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/03 11:59:04 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/02 05:15:39 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\housecall.guid.cache
[2011/07/01 08:57:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 00:13:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/29 22:27:35 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/29 21:10:39 | 001,030,075 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_39_00010cfb.dmp
[2011/06/29 21:10:32 | 001,028,887 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_30_0000ed8c.dmp
[2011/06/29 21:10:07 | 000,996,371 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_05_00006409.dmp
[2011/06/29 20:46:47 | 000,002,791 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182332.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110711-230700.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110709-195805.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110709-195555.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182528.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182421.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/27 11:14:43 | 001,153,024 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\shower 3.wps
[2011/06/26 14:49:07 | 000,734,720 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower 2.wps
[2011/06/23 15:01:50 | 000,512,000 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower.wps
[2011/06/18 20:18:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/15 23:10:00 | 000,441,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 23:10:00 | 000,071,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/10 18:39:18 | 2112,344,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 22:02:41 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller.zip
[2011/07/08 21:01:45 | 000,041,746 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\obama_20eco_car.jpg
[2011/07/08 15:25:20 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\Untitled Document.wps
[2011/07/05 01:38:12 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 21:59:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 21:59:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\Spybot - Search & Destroy.lnk
[2011/07/02 05:15:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\housecall.guid.cache
[2011/07/01 08:57:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/29 21:10:39 | 001,030,075 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_39_00010cfb.dmp
[2011/06/29 21:10:30 | 001,028,887 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_30_0000ed8c.dmp
[2011/06/29 21:10:05 | 000,996,371 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_05_00006409.dmp
[2011/06/27 10:58:32 | 001,153,024 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\shower 3.wps
[2011/06/26 12:33:49 | 000,734,720 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower 2.wps
[2011/06/25 16:51:38 | 007,077,888 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\ntuser.bak
[2011/06/23 14:46:02 | 000,512,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower.wps
[2011/06/18 20:18:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/18 20:18:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/21 06:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/21 06:43:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/15 20:17:38 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/04/15 20:17:38 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/04/15 20:17:38 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/04/15 20:17:38 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/04/15 20:17:38 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/04/15 20:17:38 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/04/15 20:17:38 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/04/15 20:17:38 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/04/15 20:17:38 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/04/15 20:17:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/04/15 20:17:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/04/15 20:17:38 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/04/15 20:17:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/04/15 20:17:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/04/15 20:17:38 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/04/15 20:17:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/04/13 21:37:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2011/04/06 09:24:15 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\wklnhst.dat
[2011/04/03 22:06:57 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2011/04/03 22:04:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/03 22:03:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/03 22:02:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/04/03 21:58:02 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe
[2011/04/03 21:58:02 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2011/04/03 21:58:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2011/04/03 21:58:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2011/04/03 21:58:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2011/04/03 21:58:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2011/04/03 21:58:02 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2011/04/03 21:58:02 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2011/04/03 20:40:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/09/11 14:56:05 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/09/11 14:56:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/09/11 14:56:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/09/11 14:56:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/09/11 14:56:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/09/11 14:56:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/09/11 14:56:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/09/11 14:56:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/09/11 14:55:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/09/11 14:55:56 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/09/11 14:55:55 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/09/11 14:54:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 12:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 21:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 21:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 19:49:16 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 19:48:21 | 000,441,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 19:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 19:48:21 | 000,071,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 19:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 19:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 19:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 19:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 19:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 19:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 19:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 19:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 13:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 12:59:39 | 000,174,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/04/04 06:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ElevatedDiagnostics
[2011/06/19 12:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
[2011/07/03 22:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
[2011/07/02 05:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
[2011/04/03 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\SampleView
[2011/04/06 09:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Template
[2011/07/05 01:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/25 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medtronic
[2011/04/03 22:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/03 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/09 22:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/11 22:45:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/12/2011 1:04:51 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.84% Memory free
3.81 Gb Paging File | 3.12 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 210.51 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.20 Gb Free Space | 29.41% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDE1DFDEAA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{095C4517-3E7A-4C70-A981-7146CFAD4D39}" = Dual Mode Digital Camera 3.0M
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C661DEF-3F08-468D-B5CE-B37E4771B5D2}" = MSN Toolbar
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2011 9:12:40 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket -1805260676.

Error - 6/29/2011 10:15:11 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msvcr90.dll, version 9.0.30729.6161, fault address 0x000375b4.

Error - 6/29/2011 10:15:25 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket -1805260676.

Error - 7/4/2011 1:10:29 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.9.584, faulting module
unknown, version 0.0.0.0, fault address 0x01957a77.

Error - 7/4/2011 1:10:36 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket 349897920.

Error - 7/8/2011 2:21:41 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.0.534, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2011 2:22:29 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2011 2:22:32 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/9/2011 8:03:59 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/9/2011 8:04:03 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1001
Description = Fault bucket -1784725119.

[ System Events ]
Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip

Error - 7/10/2011 6:37:34 PM | Computer Name = YOUR-BDE1DFDEAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 6:39:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/10/2011 7:02:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/11/2011 9:14:58 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.

Error - 7/11/2011 12:31:07 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 7/11/2011 4:06:34 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.

Error - 7/11/2011 9:27:00 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.


< End of report >

#3
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/04/03 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2


Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Things I would like to see in your reply:
  • OTL log
  • aswMBR l


#4
dumbum

    Member

  • Topic Starter
  • 72 posts
Thanks for the quick reply. Here is the info:

OTL logfile created on: 7/12/2011 5:24:08 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.91% Memory free
3.81 Gb Paging File | 3.20 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 210.57 Gb Free Space | 92.03% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.20 Gb Free Space | 29.40% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDE1DFDEAA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/03 22:06:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 21:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/08 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
PRC - [2004/11/03 17:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe
PRC - [2004/11/03 17:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe
PRC - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/18 20:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/03/02 23:24:50 | 005,576,704 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe


========== Modules (SafeList) ==========

MOD - [2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/03 22:06:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/10/20 10:40:04 | 000,010,328 | ---- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/25 22:00:46 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2011/04/03 22:04:52 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/02/24 18:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/02/23 13:58:26 | 000,167,808 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/23 10:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 13:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 13:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/07 20:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4010

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/06/29 20:46:47 | 000,002,791 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 93.174.89.10 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 93.174.89.10 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 93.174.89.10 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 93.174.89.10 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 93.174.89.10 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 93.174.89.10 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 93.174.89.10 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 93.174.89.10 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 93.174.89.10 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 93.174.89.10 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 93.174.89.10 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 93.174.89.10 www.google.nl
O1 - Hosts: 178.17.165.3 www.google.nl
O1 - Hosts: 28 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [showwnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst_current.cab (YInstStarter Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1301889089265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} https://carelink.min...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 19:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 05:25:31 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\aswMBR.exe
[2011/07/12 02:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\OpenDNS Updater
[2011/07/12 02:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2011/07/12 01:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\GooredFix Backups
[2011/07/12 01:31:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\GooredFix.exe
[2011/07/12 01:00:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
[2011/07/11 23:04:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Recent
[2011/07/10 18:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller
[2011/07/09 17:48:26 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/09 17:48:26 | 000,398,760 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/09 17:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/07/09 17:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/07/07 09:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/05 01:39:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/05 01:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/05 01:38:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/05 01:38:10 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/05 01:38:08 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/05 01:38:07 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/05 01:38:07 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/05 01:38:05 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/05 01:38:05 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/05 01:38:05 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/05 01:37:27 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/05 01:37:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\Help
[2011/07/04 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Help
[2011/07/04 22:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Start Menu\Programs\CleanUp!
[2011/07/04 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/07/04 21:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/04 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/04 21:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/03 22:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
[2011/07/03 22:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Immunet
[2011/07/02 05:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
[2011/07/01 08:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\SUPERAntiSpyware.com
[2011/07/01 08:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/01 08:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/01 08:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/01 08:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2011/07/01 08:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/19 12:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
[2011/06/18 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/18 20:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 05:25:31 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\aswMBR.exe
[2011/07/12 05:20:03 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/12 05:19:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/12 05:19:40 | 2112,344,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/12 05:05:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job
[2011/07/12 02:05:16 | 000,225,336 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OpenDNS-Updater-2.2.1.exe
[2011/07/12 01:31:17 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\GooredFix.exe
[2011/07/12 01:00:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OTL.exe
[2011/07/09 22:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/09 22:02:51 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller.zip
[2011/07/09 17:48:26 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/09 17:48:26 | 000,398,760 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/08 15:25:20 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\Untitled Document.wps
[2011/07/08 15:25:20 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\wklnhst.dat
[2011/07/07 22:50:43 | 000,174,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/07 09:49:21 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\ntuser.bak
[2011/07/05 01:40:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/05 01:38:12 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/05 01:38:06 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 01:18:12 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/04 21:59:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 21:59:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\Spybot - Search & Destroy.lnk
[2011/07/04 13:30:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 11:59:04 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/03 11:59:04 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/02 05:15:39 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\housecall.guid.cache
[2011/07/01 08:57:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/30 00:13:03 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/29 22:27:35 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/29 21:10:39 | 001,030,075 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_39_00010cfb.dmp
[2011/06/29 21:10:32 | 001,028,887 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_30_0000ed8c.dmp
[2011/06/29 21:10:07 | 000,996,371 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_05_00006409.dmp
[2011/06/29 20:46:47 | 000,002,791 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182332.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110711-230700.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110709-195805.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110709-195555.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182528.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110706-182421.backup
[2011/06/29 20:46:47 | 000,002,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/27 11:14:43 | 001,153,024 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\shower 3.wps
[2011/06/26 14:49:07 | 000,734,720 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower 2.wps
[2011/06/23 15:01:50 | 000,512,000 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower.wps
[2011/06/18 20:18:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/15 23:10:00 | 000,441,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 23:10:00 | 000,071,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 02:06:37 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Start Menu\Programs\OpenDNS Updater.lnk
[2011/07/12 02:05:16 | 000,225,336 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\OpenDNS-Updater-2.2.1.exe
[2011/07/10 18:39:18 | 2112,344,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 22:02:41 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\tdsskiller.zip
[2011/07/08 21:01:45 | 000,041,746 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\obama_20eco_car.jpg
[2011/07/08 15:25:20 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\Untitled Document.wps
[2011/07/05 01:38:12 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 21:59:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 21:59:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\Spybot - Search & Destroy.lnk
[2011/07/02 05:15:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\housecall.guid.cache
[2011/07/01 08:57:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/29 21:10:39 | 001,030,075 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_39_00010cfb.dmp
[2011/06/29 21:10:30 | 001,028,887 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_30_0000ed8c.dmp
[2011/06/29 21:10:05 | 000,996,371 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_06_29_21_10_05_00006409.dmp
[2011/06/27 10:58:32 | 001,153,024 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\shower 3.wps
[2011/06/26 12:33:49 | 000,734,720 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower 2.wps
[2011/06/25 16:51:38 | 007,077,888 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\ntuser.bak
[2011/06/23 14:46:02 | 000,512,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\My Documents\baby shower.wps
[2011/06/18 20:18:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/18 20:18:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/21 06:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/21 06:43:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/15 20:17:38 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/04/15 20:17:38 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/04/15 20:17:38 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/04/15 20:17:38 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/04/15 20:17:38 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/04/15 20:17:38 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/04/15 20:17:38 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/04/15 20:17:38 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/04/15 20:17:38 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/04/15 20:17:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/04/15 20:17:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/04/15 20:17:38 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/04/15 20:17:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/04/15 20:17:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/04/15 20:17:38 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/04/15 20:17:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/04/13 21:37:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2011/04/06 09:24:15 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\wklnhst.dat
[2011/04/03 22:06:57 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2011/04/03 22:04:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/03 22:03:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/03 22:02:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/04/03 21:58:02 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe
[2011/04/03 21:58:02 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2011/04/03 21:58:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2011/04/03 21:58:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2011/04/03 21:58:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2011/04/03 21:58:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2011/04/03 21:58:02 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2011/04/03 21:58:02 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2011/04/03 20:40:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/09/11 14:56:05 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/09/11 14:56:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/09/11 14:56:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/09/11 14:56:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/09/11 14:56:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/09/11 14:56:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/09/11 14:56:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/09/11 14:56:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/09/11 14:55:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/09/11 14:55:56 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/09/11 14:55:55 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/09/11 14:54:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 12:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 21:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 21:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 19:49:16 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 19:48:21 | 000,441,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 19:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 19:48:21 | 000,071,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 19:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 19:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 19:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 19:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 19:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 19:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 19:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 19:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 13:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 12:59:39 | 000,174,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/04/04 06:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ElevatedDiagnostics
[2011/06/19 12:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
[2011/07/03 22:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
[2011/07/12 02:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\OpenDNS Updater
[2011/07/02 05:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
[2011/04/03 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\SampleView
[2011/04/06 09:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Application Data\Template
[2011/07/05 01:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/25 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medtronic
[2011/04/03 22:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/03 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/09 22:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/12 05:05:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/12/2011 5:24:08 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.91% Memory free
3.81 Gb Paging File | 3.20 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 210.57 Gb Free Space | 92.03% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.20 Gb Free Space | 29.40% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDE1DFDEAA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1301882656\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{095C4517-3E7A-4C70-A981-7146CFAD4D39}" = Dual Mode Digital Camera 3.0M
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C661DEF-3F08-468D-B5CE-B37E4771B5D2}" = MSN Toolbar
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2011 9:12:40 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket -1805260676.

Error - 6/29/2011 10:15:11 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msvcr90.dll, version 9.0.30729.6161, fault address 0x000375b4.

Error - 6/29/2011 10:15:25 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket -1805260676.

Error - 7/4/2011 1:10:29 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.9.584, faulting module
unknown, version 0.0.0.0, fault address 0x01957a77.

Error - 7/4/2011 1:10:36 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Error | ID = 1001
Description = Fault bucket 349897920.

Error - 7/8/2011 2:21:41 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.0.534, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2011 2:22:29 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2011 2:22:32 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/9/2011 8:03:59 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.55.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/9/2011 8:04:03 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Application Hang | ID = 1001
Description = Fault bucket -1784725119.

[ System Events ]
Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/10/2011 6:34:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip

Error - 7/10/2011 6:37:34 PM | Computer Name = YOUR-BDE1DFDEAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 6:39:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/10/2011 7:02:57 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/11/2011 9:14:58 AM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.

Error - 7/11/2011 12:31:07 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 7/11/2011 4:06:34 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.

Error - 7/11/2011 9:27:00 PM | Computer Name = YOUR-BDE1DFDEAA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
the Network Card with network address 0040CAAE90EC.


< End of report >

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-12 05:25:54
-----------------------------
05:25:54.500 OS Version: Windows 5.1.2600 Service Pack 3
05:25:54.500 Number of processors: 2 586 0x2302
05:25:54.500 ComputerName: YOUR-BDE1DFDEAA UserName: Owner
05:25:56.218 Initialize success
05:25:56.359 AVAST engine defs: 11071200
05:27:48.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:27:48.546 Disk 0 Vendor: WDC_WD2500AAJB-00J3A0 01.03E01 Size: 238475MB BusType: 3
05:27:50.562 Disk 0 MBR read successfully
05:27:50.562 Disk 0 MBR scan
05:27:50.562 Disk 0 unknown MBR code
05:27:52.578 Disk 0 scanning sectors +488376000
05:27:52.609 Disk 0 scanning C:\WINDOWS\system32\drivers
05:28:07.359 Service scanning
05:28:08.250 Disk 0 trace - called modules:
05:28:08.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:28:08.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a30fab8]
05:28:08.281 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000094[0x8a315f18]
05:28:08.281 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a314d98]
05:28:10.062 AVAST engine scan C:\WINDOWS
05:53:53.234 AVAST engine scan C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA
05:55:55.125 AVAST engine scan C:\Documents and Settings\All Users
05:56:19.796 Scan finished successfully
06:07:43.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\MBR.dat"
06:07:43.734 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\aswMBR.txt"

#5
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:
  • TDSSKiller log
  • Combofix log


#6
dumbum

    Member

  • Topic Starter
  • 72 posts
Hi... ComboFix had me send some files to the recycle.. when I went there to include them here the files were gone? I didn't see how to suspend Spybot or superantimalware so I just exited them both.. hope that was right

2011/07/12 17:27:51.0343 3768 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 17:27:51.0718 3768 ================================================================================
2011/07/12 17:27:51.0718 3768 SystemInfo:
2011/07/12 17:27:51.0718 3768
2011/07/12 17:27:51.0718 3768 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/12 17:27:51.0718 3768 Product type: Workstation
2011/07/12 17:27:51.0718 3768 ComputerName: YOUR-BDE1DFDEAA
2011/07/12 17:27:51.0718 3768 UserName: Owner
2011/07/12 17:27:51.0718 3768 Windows directory: C:\WINDOWS
2011/07/12 17:27:51.0718 3768 System windows directory: C:\WINDOWS
2011/07/12 17:27:51.0718 3768 Processor architecture: Intel x86
2011/07/12 17:27:51.0718 3768 Number of processors: 2
2011/07/12 17:27:51.0718 3768 Page size: 0x1000
2011/07/12 17:27:51.0718 3768 Boot type: Normal boot
2011/07/12 17:27:51.0718 3768 ================================================================================
2011/07/12 17:27:52.0968 3768 Initialize success
2011/07/12 17:27:56.0421 3984 ================================================================================
2011/07/12 17:27:56.0421 3984 Scan started
2011/07/12 17:27:56.0421 3984 Mode: Manual;
2011/07/12 17:27:56.0421 3984 ================================================================================
2011/07/12 17:28:07.0390 3984 ================================================================================
2011/07/12 17:28:07.0390 3984 Scan finished
2011/07/12 17:28:07.0390 3984 ================================================================================
2011/07/12 17:28:07.0406 1256 Detected object count: 0
2011/07/12 17:28:07.0406 1256 Actual detected object count: 0


ComboFix 11-07-12.09 - Owner 07/12/2011 17:43:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1200 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner.YOUR-BDE1DFDEAA\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\Update.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-05 05:39 . 2011-07-05 05:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-05 05:38 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-05 05:38 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-05 05:38 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-05 05:38 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-05 05:38 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-05 05:38 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-05 05:38 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-05 05:38 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-05 05:37 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-05 05:37 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-05 02:50 . 2011-07-05 02:50 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\Help
2011-07-05 02:22 . 2011-07-05 02:50 -------- d-----w- c:\program files\CleanUp!
2011-07-05 01:58 . 2011-07-12 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-05 01:58 . 2011-07-05 02:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-04 02:56 . 2011-07-05 16:13 -------- d-----w- c:\documents and settings\All Users\Immunet
2011-07-04 02:56 . 2011-07-04 02:56 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
2011-07-02 09:13 . 2011-07-02 09:14 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
2011-07-01 12:57 . 2011-07-01 12:57 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\SUPERAntiSpyware.com
2011-07-01 12:57 . 2011-07-01 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-01 12:57 . 2011-07-01 12:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-01 12:27 . 2011-07-01 12:27 -------- d-----w- c:\program files\Common Files\Scanner
2011-07-01 12:27 . 2011-07-01 12:27 -------- d-----w- c:\program files\Yahoo!
2011-06-30 01:08 . 2011-06-30 01:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-30 00:30 . 2011-06-30 00:30 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2011-06-30 00:28 . 2011-06-30 00:28 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2011-06-19 16:12 . 2011-06-19 16:12 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
2011-06-19 02:07 . 2011-06-19 02:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 00:17 . 2011-06-19 00:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-19 00:17 . 2011-06-19 00:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-06-16 00:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 02:27 . 2011-04-05 02:03 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-08 01:03 . 2011-06-08 01:03 1409 ----a-w- c:\windows\QTFont.for
2011-05-04 08:52 . 2011-04-27 12:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-04-26 01:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-01-10 01:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-01-09 23:48 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-01-09 23:48 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 02:00 . 2011-04-26 02:00 195424 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2011-04-25 16:11 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-01-09 23:48 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-01-09 23:48 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-01-09 23:48 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2005-01-09 23:48 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="mHotkey.exe" [2004-12-09 550912]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"showwnd"="showwnd.exe" [2003-09-19 36864]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"HostManager"="c:\program files\Common Files\AOL\1301882656\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-04 98304]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1301882656\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/5/2011 1:38 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/5/2011 1:38 AM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/5/2011 1:38 AM 19544]
S1 MpKsl6f779b7c;MpKsl6f779b7c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4971698-16B6-4491-AC15-A874E621839A}\MpKsl6f779b7c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4971698-16B6-4491-AC15-A874E621839A}\MpKsl6f779b7c.sys [?]
S1 MpKslce5d6ce8;MpKslce5d6ce8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AEC9F7A-41C8-4362-B42B-9657742BAD63}\MpKslce5d6ce8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AEC9F7A-41C8-4362-B42B-9657742BAD63}\MpKslce5d6ce8.sys [?]
S1 MpKsle9f5855b;MpKsle9f5855b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{787F632C-9A93-456B-B0A7-DF1DFB2A0083}\MpKsle9f5855b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{787F632C-9A93-456B-B0A7-DF1DFB2A0083}\MpKsle9f5855b.sys [?]
S1 MpKslf70ac845;MpKslf70ac845;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B204FD26-800D-430E-AED4-51CC671B2DD9}\MpKslf70ac845.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B204FD26-800D-430E-AED4-51CC671B2DD9}\MpKslf70ac845.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/4/2011 10:11 AM 1691480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 08611771
*NewlyCreated* - ASWMBR
*Deregistered* - 08611771
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8077063E-AE18-456C-A678-F80BFB18D963}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 17:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-12 17:56:28
ComboFix-quarantined-files.txt 2011-07-12 21:56
.
Pre-Run: 225,978,073,088 bytes free
Post-Run: 226,006,437,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5F5F4EC6166C32E8F7F3F6F59C0A3795

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
08611771


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#8
dumbum

    Member

  • Topic Starter
  • Member
  • 72 posts
Hope I'm doing this correctly

ComboFix 11-07-12.09 - Owner 07/13/2011 12:33:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1153 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_08611771
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-07-13 16:46 . 2011-07-13 16:46 -------- d-----w- c:\windows\LastGood
2011-07-12 06:06 . 2011-07-12 06:06 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\OpenDNS Updater
2011-07-12 06:06 . 2011-07-12 06:06 -------- d-----w- c:\program files\OpenDNS Updater
2011-07-09 21:48 . 2011-07-09 21:48 398760 ----a-r- c:\windows\cpnprt2.cid
2011-07-09 21:48 . 2011-07-09 21:48 398760 ------w- c:\windows\system32\cpnprt2.cid
2011-07-09 21:48 . 2011-07-09 21:48 -------- d-----w- c:\program files\Coupons
2011-07-08 09:29 . 2011-07-08 09:29 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-05 05:39 . 2011-07-05 05:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-05 05:38 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-05 05:38 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-05 05:38 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-05 05:38 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-05 05:38 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-05 05:38 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-05 05:38 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-05 05:38 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-05 05:37 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-05 05:37 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-05 02:50 . 2011-07-05 02:50 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Local Settings\Application Data\Help
2011-07-05 02:22 . 2011-07-05 02:50 -------- d-----w- c:\program files\CleanUp!
2011-07-05 01:58 . 2011-07-12 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-05 01:58 . 2011-07-05 02:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-04 02:56 . 2011-07-05 16:13 -------- d-----w- c:\documents and settings\All Users\Immunet
2011-07-04 02:56 . 2011-07-04 02:56 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\Immunet
2011-07-02 09:13 . 2011-07-02 09:14 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\QuickScan
2011-07-01 12:57 . 2011-07-01 12:57 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\SUPERAntiSpyware.com
2011-07-01 12:57 . 2011-07-01 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-01 12:57 . 2011-07-01 12:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-01 12:27 . 2011-07-01 12:27 -------- d-----w- c:\program files\Common Files\Scanner
2011-07-01 12:27 . 2011-07-01 12:27 -------- d-----w- c:\program files\Yahoo!
2011-06-30 01:08 . 2011-06-30 01:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-30 00:30 . 2011-06-30 00:30 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2011-06-30 00:28 . 2011-06-30 00:28 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2011-06-19 16:12 . 2011-06-19 16:12 -------- d-----w- c:\documents and settings\Owner.YOUR-BDE1DFDEAA\Application Data\ieSpell
2011-06-19 02:07 . 2011-06-19 02:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 00:17 . 2011-06-19 00:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-19 00:17 . 2011-06-19 00:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-06-16 00:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 02:27 . 2011-04-05 02:03 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-08 01:03 . 2011-06-08 01:03 1409 ----a-w- c:\windows\QTFont.for
2011-05-04 08:52 . 2011-04-27 12:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-04-26 01:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-01-10 01:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-01-09 23:48 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-01-09 23:48 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 02:00 . 2011-04-26 02:00 195424 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2011-04-25 16:11 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-01-09 23:48 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-01-09 23:48 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-01-09 23:48 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2005-01-09 23:48 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="mHotkey.exe" [2004-12-09 550912]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"showwnd"="showwnd.exe" [2003-09-19 36864]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"HostManager"="c:\program files\Common Files\AOL\1301882656\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-04 98304]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1301882656\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/5/2011 1:38 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/5/2011 1:38 AM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/5/2011 1:38 AM 19544]
S1 MpKsl6f779b7c;MpKsl6f779b7c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4971698-16B6-4491-AC15-A874E621839A}\MpKsl6f779b7c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4971698-16B6-4491-AC15-A874E621839A}\MpKsl6f779b7c.sys [?]
S1 MpKslce5d6ce8;MpKslce5d6ce8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AEC9F7A-41C8-4362-B42B-9657742BAD63}\MpKslce5d6ce8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AEC9F7A-41C8-4362-B42B-9657742BAD63}\MpKslce5d6ce8.sys [?]
S1 MpKsle9f5855b;MpKsle9f5855b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{787F632C-9A93-456B-B0A7-DF1DFB2A0083}\MpKsle9f5855b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{787F632C-9A93-456B-B0A7-DF1DFB2A0083}\MpKsle9f5855b.sys [?]
S1 MpKslf70ac845;MpKslf70ac845;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B204FD26-800D-430E-AED4-51CC671B2DD9}\MpKslf70ac845.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B204FD26-800D-430E-AED4-51CC671B2DD9}\MpKslf70ac845.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/4/2011 10:11 AM 1691480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8077063E-AE18-456C-A678-F80BFB18D963}: NameServer = 208.67.222.222,208.67.220.220
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\mHotkey.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\CNYHKey.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\COMMON~1\AOL\130188~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\130188~1\EE\AOLServiceHost.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-13 12:49:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-13 16:49
ComboFix2.txt 2011-07-12 21:56
.
Pre-Run: 225,895,403,520 bytes free
Post-Run: 225,916,616,704 bytes free
.
- - End Of File - - 1FF3F3A05AB5FE2900FFB4E3F430D75E

2011-06-19 02:07 . 2011-06-19 02:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 00:17 . 2011-06-19 00:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-19 00:17 . 2011-06-19 00:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-06-16 00:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 02:27 . 2011-04-05 02:03 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-08 01:03 . 2011-06-08 01:03 1409 ----a-w- c:\windows\QTFont.for
2011-05-04 08:52 . 2011-04-27 12:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-04-26 01:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-01-10 01:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-01-09 23:48 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-01-09 23:48 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 02:00 . 2011-04-26 02:00 195424 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2011-04-25 16:11 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-01-09 23:48 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-01-09 23:48 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-01-09 23:48 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2005-01-09 23:48 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="mHotkey.exe" [2004-12-09 550912]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"showwnd"="showwnd.exe" [2003-09-19 36864]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"HostManager"="c:\program files\Common Files\AOL\1301882656\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-04 98304]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1301882656\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/5/2011 1:38 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/5/2011 1:38 AM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/5/2011 1:38 AM 19544]
S1 MpKsl6f779b7c;MpKsl6f779b7c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4971698-16B6-4491-AC15-A874E621839A}\MpKsl6f779b7c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4971698-16B6-4491-AC15-A874E621839A}\MpKsl6f779b7c.sys [?]
S1 MpKslce5d6ce8;MpKslce5d6ce8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AEC9F7A-41C8-4362-B42B-9657742BAD63}\MpKslce5d6ce8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AEC9F7A-41C8-4362-B42B-9657742BAD63}\MpKslce5d6ce8.sys [?]
S1 MpKsle9f5855b;MpKsle9f5855b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{787F632C-9A93-456B-B0A7-DF1DFB2A0083}\MpKsle9f5855b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{787F632C-9A93-456B-B0A7-DF1DFB2A0083}\MpKsle9f5855b.sys [?]
S1 MpKslf70ac845;MpKslf70ac845;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B204FD26-800D-430E-AED4-51CC671B2DD9}\MpKslf70ac845.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B204FD26-800D-430E-AED4-51CC671B2DD9}\MpKslf70ac845.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/4/2011 10:11 AM 1691480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{EC00EFAA-ED35-45C8-91FF-491785EA2167}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8077063E-AE18-456C-A678-F80BFB18D963}: NameServer = 208.67.222.222,208.67.220.220
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\mHotkey.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\CNYHKey.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\COMMON~1\AOL\130188~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\130188~1\EE\AOLServiceHost.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-13 12:49:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-13 16:49
ComboFix2.txt 2011-07-12 21:56
.
Pre-Run: 225,895,403,520 bytes free
Post-Run: 225,916,616,704 bytes free
.
- - End Of File - - 1FF3F3A05AB5FE2900FFB4E3F430D75E
  • 0

#9
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

you missed my second step

again

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#10
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Oops... I did the step but forgot to paste. No matter, here it is:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 179):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5B6000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xBA4BC000 cpqarray.sys
0xB9F0B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9EF3000 atapi.sys
0xBA4C0000 aha154x.sys
0xBA338000 sparrow.sys
0xBA4C4000 symc810.sys
0xBA0D8000 aic78xx.sys
0xBA4C8000 dac960nt.sys
0xBA0E8000 ql10wnt.sys
0xBA4CC000 amsint.sys
0xBA340000 asc.sys
0xBA4D0000 asc3550.sys
0xBA348000 mraid35x.sys
0xBA350000 i2omp.sys
0xBA4D4000 ini910u.sys
0xBA0F8000 ql1240.sys
0xBA108000 aic78u2.sys
0xBA358000 symc8xx.sys
0xBA360000 sym_hi.sys
0xBA368000 sym_u3.sys
0xBA370000 ABP480N5.SYS
0xBA378000 asc3350p.sys
0xBA5B8000 cd20xrnt.sys
0xBA118000 ultra.sys
0xB9EDA000 adpu160m.sys
0xBA380000 dpti2o.sys
0xBA128000 ql1080.sys
0xBA138000 ql1280.sys
0xBA148000 ql12160.sys
0xBA388000 perc2.sys
0xBA5BA000 perc2hib.sys
0xBA390000 hpn.sys
0xBA4D8000 cbidf2k.sys
0xB9EAE000 dac2w2k.sys
0xBA158000 disk.sys
0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E8E000 fltmgr.sys
0xB9E7C000 sr.sys
0xBA398000 PxHelp20.sys
0xB9E65000 KSecDD.sys
0xB9DD8000 Ntfs.sys
0xB9DAB000 NDIS.sys
0xBA178000 Combo-Fix.sys
0xBA188000 sisagp.sys
0xBA198000 viaagp.sys
0xBA1A8000 ohci1394.sys
0xBA1B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D91000 Mup.sys
0xBA1C8000 agp440.sys
0xBA1D8000 alim1541.sys
0xBA1E8000 amdagp.sys
0xBA1F8000 agpCPQ.sys
0xBA228000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB992B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9917000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB98F3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xBA318000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9D81000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB98D0000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA478000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xB98A7000 \SystemRoot\system32\DRIVERS\hcwPP2.sys
0xB979B000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9773000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9CCD000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9701000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB96CA000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xB9D71000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9CC9000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9616000 \SystemRoot\system32\DRIVERS\parport.sys
0xB95E6000 \SystemRoot\system32\drivers\windrvr6.sys
0xBA5D0000 \SystemRoot\system32\drivers\USBD.SYS
0xBA749000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9D61000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CC5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB95CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9D51000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9D41000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB95BE000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9D31000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xB958E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9D21000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB94E0000 \SystemRoot\system32\DRIVERS\update.sys
0xB9CA9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9D01000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9CF1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA258000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xBA568000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5D8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6DA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3E8000 \SystemRoot\System32\drivers\vga.sys
0xBA5DC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5DE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA570000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB65F2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6599000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA278000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB6573000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB654B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA400000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB6529000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB6507000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA408000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB64DC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB646C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA2D8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB63FA000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB633A000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xB9757000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB96BA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9753000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA428000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB974B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA430000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB94CC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB62EE000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB62D6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA60A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6468000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA450000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA761000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3CC000 \SystemRoot\System32\ATMFD.DLL
0xB5B22000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB5ACA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB593F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB4DA2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA666000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xB4C49000 \SystemRoot\System32\Drivers\HTTP.sys
0xB49EE000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4BD9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA668000 \SystemRoot\system32\drivers\MSPQM.sys
0xBA460000 \??\C:\ComboFix\catchme.sys
0xBA5CE000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
680 C:\WINDOWS\system32\smss.exe
756 csrss.exe
780 C:\WINDOWS\system32\winlogon.exe
824 C:\WINDOWS\system32\services.exe
836 C:\WINDOWS\system32\lsass.exe
1012 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1156 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1352 svchost.exe
1460 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
504 C:\WINDOWS\system32\spoolsv.exe
1224 svchost.exe
1832 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
1856 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
1988 C:\WINDOWS\ehome\ehrecvr.exe
204 aoltpspd.exe
208 C:\WINDOWS\ehome\ehSched.exe
384 C:\Program Files\Java\jre6\bin\jqs.exe
908 C:\WINDOWS\system32\nvsvc32.exe
1112 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1652 svchost.exe
1584 C:\WINDOWS\system32\svchost.exe
2120 C:\WINDOWS\ehome\ehtray.exe
2152 C:\WINDOWS\mHotkey.exe
2188 mcrdsvc.exe
2196 C:\WINDOWS\CNYHKey.exe
2224 C:\Program Files\Digital Media Reader\readericon45G.exe
2268 C:\WINDOWS\system32\rundll32.exe
2316 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
2376 C:\Program Files\QuickTime\qttask.exe
2384 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
2460 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2468 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2600 C:\Program Files\Common Files\AOL\1301882656\EE\AOLHostManager.exe
2620 C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
2728 C:\PROGRA~1\COMMON~1\AOL\130188~1\EE\AOLServiceHost.exe
3792 C:\WINDOWS\system32\dllhost.exe
164 alg.exe
2276 C:\WINDOWS\ehome\ehmsas.exe
2952 C:\WINDOWS\system32\svchost.exe
2252 C:\WINDOWS\system32\wuauclt.exe
1780 C:\WINDOWS\explorer.exe
2232 C:\WINDOWS\system32\notepad.exe
1972 C:\WINDOWS\system32\ctfmon.exe
2168 C:\WINDOWS\system32\wscntfy.exe
2856 C:\Documents and Settings\Owner.YOUR-BDE1DFDEAA\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`04d22800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500AAJB-00J3A0, Rev: 01.03E01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Done!
  • 0

#11
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
still getting redirected?
  • 0

#12
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I haven't been for a couple of days... but that's happened before. While we were working on this I somehow lost my audio. I haven't a clue on what, where or how.

Thanks for the fix on redirects... ummm, I just followed your steps. I had, have no clue on what we did.
  • 0

#13
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Try reinstalling your audio driver :)
  • 0

#14
dumbum

dumbum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
OK... I did a Microsoft update and when I rebooted, sound was back?? :)
  • 0

#15
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0
