Ran OTL fix and OTL scan afterwards; here are the logs:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3481838351-1427231013-1611418634-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:iders deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ngs... deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ecution Options\iexplore.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:e deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\camy\Desktop\cmd.bat deleted successfully.
C:\Users\camy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: camy
->Temp folder emptied: 4825812 bytes
->Temporary Internet Files folder emptied: 5308934 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 517 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275577 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 10.00 mb
[EMPTYFLASH]
User: All Users
User: camy
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.27.0 log created on 09102011_074954
Files\Folders moved on Reboot...
File\Folder C:\Users\camy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
OTL logfile created on: 9/10/2011 7:57:53 AM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\camy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.59% Memory free
11.50 Gb Paging File | 9.51 Gb Available in Paging File | 82.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 532.45 Gb Free Space | 91.16% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
Computer Name: CAMY-PC | User Name: camy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/08 07:56:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/15 08:50:05 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/01/30 10:33:26 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2011/01/30 10:32:51 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2011/01/30 10:32:48 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2011/01/30 10:32:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1295542896\ee\aolsoftware.exe
PRC - [2010/01/02 03:46:56 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 16:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/05/31 10:20:54 | 000,050,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\WmdHost.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/10 03:50:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/10 03:38:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/10 03:38:02 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
MOD - [2011/08/10 03:37:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/10 03:37:52 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/10 03:37:42 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/10 03:37:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/10 03:37:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/10 03:37:19 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/08/10 03:37:18 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
MOD - [2011/08/10 03:37:18 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/08/10 03:37:17 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/10 03:37:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/10 03:37:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/10 03:36:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/10 03:36:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/10 03:36:47 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/11 17:17:47 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/30 00:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/07 13:02:48 | 000,125,440 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 14:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2006/05/11 09:06:56 | 000,452,608 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcjcoms.exe -- (lxcj_device)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/01/30 10:32:51 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2011/01/30 10:32:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/02 03:46:56 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/05 09:40:07 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/30 10:34:35 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/01/30 10:34:29 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/01/30 10:34:28 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/06 13:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 13:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/11 19:34:34 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 12:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2011/09/10 07:50:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1295542896\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3481838351-1427231013-1611418634-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (krberos) - File not found
O30 - LSA: Security Packages - (krberos) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{145681dd-4aee-11e0-bd95-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{145681dd-4aee-11e0-bd95-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{fdc0da83-16e5-11df-a3c7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fdc0da83-16e5-11df-a3c7-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/10 07:49:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/08 08:01:34 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.scr
[2011/09/08 07:59:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.com
[2011/09/08 07:56:54 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.exe
[2011/09/08 01:51:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/08 01:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/08 01:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/08 01:35:57 | 000,000,000 | ---D | C] -- C:\Users\camy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/08 01:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/06 16:01:48 | 000,000,000 | ---D | C] -- C:\Users\camy\Documents\unknown
[2011/08/27 01:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/18 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\camy\Documents\butterflies3_hyper+btn
[2011/08/14 17:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/14 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
========== Files - Modified Within 30 Days ==========
[2011/09/10 08:01:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 08:01:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 07:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/10 07:53:27 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 07:50:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/10 04:00:06 | 000,001,710 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LFA0D1D891B43492EB69627EECE84C3CA.job
[2011/09/10 00:57:56 | 000,000,512 | ---- | M] () -- C:\Users\camy\Desktop\MBR.dat
[2011/09/09 23:14:00 | 000,012,800 | ---- | M] () -- C:\Users\camy\Documents\goaliestats201011.xlr
[2011/09/09 23:14:00 | 000,009,318 | ---- | M] () -- C:\Users\camy\AppData\Roaming\wklnhst.dat
[2011/09/09 18:01:20 | 085,648,698 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/09/08 08:01:37 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.scr
[2011/09/08 07:59:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.com
[2011/09/08 07:56:54 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\camy\Desktop\OTL.exe
[2011/09/08 01:51:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/08 01:35:57 | 000,002,971 | ---- | M] () -- C:\Users\camy\Desktop\HiJackThis.lnk
[2011/09/08 01:33:15 | 001,402,880 | ---- | M] () -- C:\Users\camy\Desktop\HiJackThis.msi
[2011/09/07 17:52:33 | 000,377,344 | ---- | M] () -- C:\Users\camy\Documents\ItineraryWoodchuckTournament-2011.wps
[2011/09/07 11:40:53 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcamy.job
[2011/09/06 16:01:48 | 000,282,350 | ---- | M] () -- C:\Users\camy\Documents\unknown.zip
[2011/09/06 09:33:49 | 000,015,872 | ---- | M] () -- C:\Users\camy\Documents\Fall2011.wps
[2011/09/04 13:39:05 | 000,023,552 | ---- | M] () -- C:\Users\camy\Documents\CREDIT CARDS.xlr
[2011/08/27 01:46:31 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/19 19:23:24 | 001,085,440 | ---- | M] () -- C:\Users\camy\Documents\anatomy.pps
[2011/08/18 23:18:54 | 003,614,628 | ---- | M] () -- C:\Users\camy\Documents\butterflies3_hyper+btn.zip
[2011/08/14 17:07:19 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/12 08:58:05 | 000,013,440 | ---- | M] () -- C:\Users\camy\Documents\0704011706_0001.jpg
[2011/08/12 08:45:13 | 000,015,168 | ---- | M] () -- C:\Users\camy\Documents\2011-08-109518.14.54_0001.jpg
========== Files Created - No Company Name ==========
[2011/09/10 00:57:56 | 000,000,512 | ---- | C] () -- C:\Users\camy\Desktop\MBR.dat
[2011/09/08 01:51:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/08 01:35:57 | 000,002,971 | ---- | C] () -- C:\Users\camy\Desktop\HiJackThis.lnk
[2011/09/08 01:33:14 | 001,402,880 | ---- | C] () -- C:\Users\camy\Desktop\HiJackThis.msi
[2011/09/07 17:52:33 | 000,377,344 | ---- | C] () -- C:\Users\camy\Documents\ItineraryWoodchuckTournament-2011.wps
[2011/09/06 16:01:47 | 000,282,350 | ---- | C] () -- C:\Users\camy\Documents\unknown.zip
[2011/09/06 09:33:49 | 000,015,872 | ---- | C] () -- C:\Users\camy\Documents\Fall2011.wps
[2011/08/27 01:46:31 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/19 19:23:22 | 001,085,440 | ---- | C] () -- C:\Users\camy\Documents\anatomy.pps
[2011/08/18 23:18:49 | 003,614,628 | ---- | C] () -- C:\Users\camy\Documents\butterflies3_hyper+btn.zip
[2011/08/14 17:07:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/12 08:58:05 | 000,013,440 | ---- | C] () -- C:\Users\camy\Documents\0704011706_0001.jpg
[2011/08/12 08:45:13 | 000,015,168 | ---- | C] () -- C:\Users\camy\Documents\2011-08-109518.14.54_0001.jpg
[2011/06/09 13:21:34 | 000,112,262 | ---- | C] () -- C:\Users\camy\AppData\Local\tmpCRICA.JPG
[2011/05/29 11:31:16 | 000,210,226 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp2009_REEBOK_REVOKE_PZ_PAD_WHITENAVYBABYBLUE_LG.4
[2011/05/29 11:31:14 | 000,047,397 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp2009_REEBOK_REVOKE_PZ_PAD_WHITENAVYBABYBLUE_LG.3
[2011/05/29 11:31:13 | 000,046,753 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp2009_REEBOK_REVOKE_PZ_PAD_WHITENAVYBABYBLUE_LG.2
[2011/05/29 11:31:12 | 000,045,940 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp2009_REEBOK_REVOKE_PZ_PAD_WHITENAVYBABYBLUE_LG.1
[2011/05/29 11:31:11 | 000,210,226 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp2009_REEBOK_REVOKE_PZ_PAD_WHITENAVYBABYBLUE_LG.0
[2011/05/29 11:31:11 | 000,046,845 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp2009_REEBOK_REVOKE_PZ_PAD_WHITENAVYBABYBLUE_LG.JPG
[2011/03/23 20:50:59 | 000,012,542 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp191428_10150442941285291_560060290_17684903_12266_O.JPG
[2011/01/20 12:48:51 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/10/13 23:19:10 | 000,007,609 | ---- | C] () -- C:\Users\camy\AppData\Local\Resmon.ResmonCfg
[2010/07/01 01:09:35 | 000,114,668 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp26695_139080306104494_100000075760216_393298_903712_N.0
[2010/07/01 01:09:35 | 000,080,757 | ---- | C] () -- C:\Users\camy\AppData\Local\tmp26695_139080306104494_100000075760216_393298_903712_N.JPG
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/04 09:40:25 | 000,498,236 | ---- | C] () -- C:\Users\camy\AppData\Local\tmpSCANNEDAT5-3-20108-14AM.JPG
[2010/05/04 09:40:24 | 000,339,054 | ---- | C] () -- C:\Users\camy\AppData\Local\tmpSCANNEDAT5-3-20108-14AM.0
[2010/01/02 03:44:35 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/12/29 00:24:36 | 000,009,318 | ---- | C] () -- C:\Users\camy\AppData\Roaming\wklnhst.dat
[2009/12/28 22:09:11 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/28 19:08:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2009/12/30 22:11:01 | 000,000,000 | ---D | M] -- C:\Users\camy\AppData\Roaming\funkitron
[2010/12/23 18:50:26 | 000,000,000 | ---D | M] -- C:\Users\camy\AppData\Roaming\iWin
[2009/12/28 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\camy\AppData\Roaming\PictureMover
[2010/01/07 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\camy\AppData\Roaming\Template
[2009/12/28 22:08:18 | 000,000,000 | ---D | M] -- C:\Users\camy\AppData\Roaming\WildTangent
[2009/12/29 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\camy\AppData\Roaming\WinBatch
[2011/03/29 23:02:02 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/10 04:00:06 | 000,001,710 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_LFA0D1D891B43492EB69627EECE84C3CA.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1557 bytes -> C:\Users\camy\Documents\24835-Camyrx;[eDED]download;31000565.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NY545AA-ABA p6210y
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 158):
0x02A5D000 \SystemRoot\system32\ntoskrnl.exe
0x02A14000 \SystemRoot\system32\hal.dll
0x00BA4000 \SystemRoot\system32\kdcom.dll
0x00CED000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CFA000 \SystemRoot\system32\PSHED.dll
0x00D0E000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E6A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F0E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F1D000 \SystemRoot\system32\drivers\ACPI.sys
0x00F74000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F7D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F87000 \SystemRoot\system32\drivers\pci.sys
0x00FBA000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FC7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FDC000 \SystemRoot\system32\DRIVERS\ssfs0bbc.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ssidrv.sys
0x00E24000 \SystemRoot\system32\drivers\volmgr.sys
0x00D6C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E39000 \SystemRoot\System32\drivers\mountmgr.sys
0x010DD000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x0111B000 \SystemRoot\system32\DRIVERS\storport.sys
0x0117E000 \SystemRoot\system32\drivers\amdxata.sys
0x01189000 \SystemRoot\system32\drivers\fltmgr.sys
0x011D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01226000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0105E000 \SystemRoot\System32\Drivers\cng.sys
0x013E4000 \SystemRoot\System32\drivers\pcw.sys
0x013F5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014FE000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016CE000 \SystemRoot\System32\drivers\tcpip.sys
0x018D2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0191C000 \SystemRoot\system32\drivers\volsnap.sys
0x01968000 \SystemRoot\System32\Drivers\spldr.sys
0x01970000 \SystemRoot\System32\drivers\rdyboost.sys
0x019AA000 \SystemRoot\System32\Drivers\mup.sys
0x019BC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019C5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x01616000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01646000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x0148B000 \SystemRoot\system32\drivers\cdrom.sys
0x02C59000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x02CF1000 \SystemRoot\System32\Drivers\Null.SYS
0x02CFA000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D01000 \SystemRoot\System32\drivers\vga.sys
0x02D0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D34000 \SystemRoot\System32\drivers\watchdog.sys
0x02D44000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D4D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D56000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02D5F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D6A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02D7B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02D9D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02DAA000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02C00000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02DB8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03AF3000 \SystemRoot\system32\drivers\afd.sys
0x03B7C000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03B86000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B8F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03BB5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BC4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BDF000 \SystemRoot\system32\drivers\termdd.sys
0x03BF3000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03A00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03A0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A5B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A67000 \SystemRoot\system32\drivers\mssmbios.sys
0x03A72000 \SystemRoot\System32\drivers\discache.sys
0x03A81000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A9F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03AB0000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x014B5000 \SystemRoot\System32\Drivers\avgldx64.sys
0x04060000 \SystemRoot\System32\Drivers\aswSP.SYS
0x040AD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x040D3000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x040E8000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x040F3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x040FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04154000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04165000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04189000 \SystemRoot\system32\drivers\1394ohci.sys
0x041C7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04000000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x0484F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0534D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04430000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04524000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05685000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x057B6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x057B8000 \SystemRoot\system32\drivers\modem.sys
0x057C7000 \SystemRoot\system32\drivers\wmiacpi.sys
0x057D0000 \SystemRoot\system32\drivers\CompositeBus.sys
0x057E0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05624000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05630000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0565F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0456A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0458B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045A5000 \SystemRoot\system32\DRIVERS\wanatw64.sys
0x045B1000 \SystemRoot\system32\drivers\kbdclass.sys
0x045C0000 \SystemRoot\system32\drivers\mouclass.sys
0x0567A000 \SystemRoot\system32\drivers\swenum.sys
0x0534F000 \SystemRoot\system32\drivers\ks.sys
0x045CF000 \SystemRoot\system32\drivers\umbus.sys
0x05392000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x045E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E24000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04800000 \SystemRoot\system32\drivers\portcls.sys
0x05FD8000 \SystemRoot\system32\drivers\drmk.sys
0x05FFA000 \SystemRoot\system32\drivers\ksthunk.sys
0x05E00000 \SystemRoot\system32\drivers\hidusb.sys
0x04400000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x05E0E000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x05E17000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x041D4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03AB8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x04419000 \SystemRoot\system32\drivers\kbdhid.sys
0x053EC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x057F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x01653000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x03AD3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x0483D000 \SystemRoot\System32\drivers\Dxapi.sys
0x041F1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x01691000 \SystemRoot\system32\drivers\luafv.sys
0x05488000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x054C2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x054CB000 \SystemRoot\system32\drivers\WudfPf.sys
0x054FD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05512000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0552A000 \SystemRoot\system32\drivers\HTTP.sys
0x05400000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0541E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05436000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06A42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06A90000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06AC5000 \SystemRoot\system32\drivers\peauth.sys
0x06B6B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06B87000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06BB8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0944E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x094B7000 \SystemRoot\System32\DRIVERS\srv.sys
0x09560000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0942E000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x77910000 \Windows\System32\ntdll.dll
0x48430000 \Windows\System32\smss.exe
0xFFC30000 \Windows\System32\apisetschema.dll
Processes (total 83):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
476 csrss.exe
532 csrss.exe
540 C:\Windows\System32\wininit.exe
552 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
584 C:\Windows\System32\winlogon.exe
596 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
656 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
716 C:\Windows\System32\services.exe
780 C:\Windows\System32\lsass.exe
788 C:\Windows\System32\lsm.exe
448 C:\Windows\System32\svchost.exe
1080 C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
1112 C:\Windows\System32\nvvsvc.exe
1156 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\svchost.exe
1696 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1736 C:\Windows\System32\nvvsvc.exe
1952 C:\Windows\System32\dwm.exe
1960 C:\Windows\explorer.exe
1780 C:\Windows\System32\spoolsv.exe
1932 C:\Windows\System32\svchost.exe
2140 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2164 C:\Program Files\LSI SoftModem\agr64svc.exe
2196 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2236 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
2260 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2292 C:\Windows\System32\svchost.exe
2316 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2352 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2476 C:\Program Files (x86)\AVG\AVG9\avgam.exe
2504 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2560 C:\Windows\System32\svchost.exe
2680 C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
3060 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2840 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3408 C:\Windows\System32\rundll32.exe
3652 WUDFHost.exe
3724 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
3552 C:\Windows\notepad.exe
3820 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3580 C:\Windows\WindowsMobile\wmdc.exe
3616 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
4032 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3676 C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
3132 C:\Windows\System32\svchost.exe
1312 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2064 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
208 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
3472 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1484 C:\Program Files (x86)\Common Files\AOL\1295542896\ee\aolsoftware.exe
3324 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3912 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2016 C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
4224 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4600 C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
4756 C:\Program Files\iPod\bin\iPodService.exe
4424 C:\Windows\System32\SearchIndexer.exe
2780 WUDFHost.exe
1848 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4460 C:\Windows\System32\mobsync.exe
5296 C:\Program Files\Windows Media Player\wmpnetwk.exe
5612 C:\Windows\System32\svchost.exe
5752 C:\Windows\WindowsMobile\WmdHost.exe
6100 C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
5776 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3180 C:\Users\camy\Desktop\OTL.exe
1520 C:\Windows\notepad.exe
3688 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5012 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3824 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4668 C:\Windows\System32\SearchProtocolHost.exe
1864 C:\Windows\System32\SearchFilterHost.exe
4092 C:\Windows\System32\audiodg.exe
3680 C:\Users\camy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TBRHWLG\MBRCheck.exe
6116 C:\Windows\System32\conhost.exe
3924 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`0aa00000 (NTFS)
PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: EA86DEA936A7937E6201DADF57DB786F2049D1CB
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Edited by rxnet, 10 September 2011 - 06:12 AM.