Would appreciate your help. Virus(s) I suspect.
Very sluggish performance
Not able to install / execute AVAST, MBAM, Paragon Drive Backup 9.0, SuperAntiSpyware
Existing programs seem to work but computer is extremely slow to operate.
Able to search & download files from internet
My results follow from the tutorial at:
http://www.geekstogo...t-run-tutorial/
Rkill did not complete on any of the 3 options
explorer.exe ran with no noticeable effect
Re-installed and ran MBAM, only ran for ~2 seconds before disappearing.
VipreRescue did scan
From the log Three Threats:
4718385 Name: VirTool.Win32.Obfuscator.hg!b(v) Category Trojan
4728748 Name: Packed.Win32.Zbot.gen.y.6(v) Category Trojan
4726030 Name: Trojan.Win32.Bredolab.mt (v) Category Trojan
Ran MBAM again with the same results, disappeared after ~2 seconds
SuperAntiSpyware Portable Scanner ran for 2 seconds and disappeared
OTL did scan the log follows:
OTL logfile created on: 9/24/2011 8:41:05 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = K:\VirusRemoval
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 48.18% Memory free
11.58 Gb Paging File | 10.52 Gb Available in Paging File | 90.80% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.55 Gb Total Space | 201.92 Gb Free Space | 70.46% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.52 Gb Free Space | 13.17% Space Free | Partition Type: NTFS
Drive K: | 243.73 Mb Total Space | 20.75 Mb Free Space | 8.51% Space Free | Partition Type: FAT
Computer Name: BILLSTOWING-PC | User Name: Bill's Towing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Processes (SafeList) ==========
PRC - [2011/09/24 20:35:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- K:\VirusRemoval\OTL.scr
PRC - [2011/08/05 04:05:13 | 005,828,952 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2011/07/06 13:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/07/06 13:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/10 03:28:04 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll
MOD - [2011/08/10 03:27:41 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
MOD - [2011/08/10 03:27:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/10 03:24:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/10 03:24:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/10 03:24:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/10 03:24:11 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll
MOD - [2011/08/10 03:23:44 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll
MOD - [2011/08/10 03:23:29 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll
MOD - [2011/08/10 03:23:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/05 04:05:13 | 000,083,800 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2011/07/06 13:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\QBMAPILibrary.dll
MOD - [2011/07/06 13:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\QBCompressor.DLL
MOD - [2011/07/06 13:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\mbpopup.dll
MOD - [2011/07/06 13:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/07/06 13:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/07/06 13:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\BackupLib.dll
MOD - [2011/06/15 03:32:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2005/07/20 00:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\zlib1.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (LMIGuardianSvc)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/06 12:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,249,792 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/09/24 19:35:25 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Bill's Towing\AppData\Local\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/16 10:25:39 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Bill's Towing\AppData\Local\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2009/02/09 18:59:20 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090318.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/12/13 14:47:38 | 000,129,896 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008/12/13 14:47:38 | 000,032,056 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2008/05/22 10:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/21 07:44:10 | 001,049,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/02/12 11:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 11:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 11:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://frontier.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://frontier.my.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 09:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/24 11:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/12 12:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 09:32:17 | 000,000,000 | ---D | M]
[2011/08/12 13:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill's Towing\AppData\Roaming\Mozilla\Extensions
[2011/08/12 12:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/15 11:42:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Productivity Toolbar) - {1c9b96a0-cba2-482e-9c40-9200b547123a} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity Toolbar) - {1C9B96A0-CBA2-482E-9C40-9200B547123A} - C:\Program Files\Productivity\prxtbPro0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: paymode.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BFAA950-4CA1-47B9-AD79-9B893ECC9F11}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 13:44:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f1fc4b7-a5e2-11df-90ed-00226805fd89}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{0f1fc4b7-a5e2-11df-90ed-00226805fd89}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{0f1fc4b7-a5e2-11df-90ed-00226805fd89}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{0f1fc4b7-a5e2-11df-90ed-00226805fd89}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O33 - MountPoints2\{0f1fc4f8-a5e2-11df-90ed-00226805fd89}\Shell\AutoRun\command - "" = F:\winamp_cache_0001\ehthumbs.exe
O33 - MountPoints2\{0f1fc4f8-a5e2-11df-90ed-00226805fd89}\Shell\explore\command - "" = F:\winamp_cache_0001/ehthumbs.exe
O33 - MountPoints2\{0f1fc4f8-a5e2-11df-90ed-00226805fd89}\Shell\open\command - "" = F:\winamp_cache_0001/ehthumbs.exe
O33 - MountPoints2\{d758edb1-9d8f-11e0-9aca-00226805fd89}\Shell - "" = AutoRun
O33 - MountPoints2\{d758edb1-9d8f-11e0-9aca-00226805fd89}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 60 Days ==========
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/09/24 20:13:12 | 000,000,000 | ---D | C] -- C:\Users\Bill's Towing\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/24 20:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/24 18:52:11 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/09/24 18:52:11 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/09/24 18:52:02 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/09/24 16:17:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/24 16:17:13 | 000,000,000 | ---D | C] -- C:\Users\Bill's Towing\AppData\Roaming\Malwarebytes
[2011/09/24 16:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/24 16:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/24 16:17:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/24 16:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/24 13:06:42 | 000,040,496 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2011/09/24 13:06:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/09/24 13:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2011/09/24 11:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/24 11:06:55 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/24 11:06:54 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/24 10:23:10 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/24 10:23:10 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/24 10:23:10 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/24 10:23:09 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/24 10:22:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/24 10:22:48 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/21 23:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/09/21 09:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/21 09:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/23 20:26:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/15 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\Bill's Towing\AppData\Local\Google
[2011/08/15 13:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/08/15 13:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/15 13:25:11 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/12 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\Bill's Towing\AppData\Roaming\Mozilla
[2011/08/12 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\Bill's Towing\AppData\Local\Mozilla
[2011/08/12 12:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/10 03:04:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 03:04:06 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/10 03:04:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 03:04:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 03:04:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 19:28:30 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 19:28:03 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/09 19:28:03 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/04 11:48:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/09/24 20:44:06 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 20:37:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 20:37:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 20:04:45 | 000,002,585 | ---- | M] () -- C:\Users\Bill's Towing\Desktop\Microsoft Office Excel 2007.lnk
[2011/09/24 19:35:25 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/24 19:35:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/24 18:52:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/09/24 18:43:30 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/24 18:43:30 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/24 18:37:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/24 18:37:02 | 000,000,000 | ---- | M] () -- C:\Windows\1501442901
[2011/09/24 18:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/24 18:36:58 | 3084,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 18:26:30 | 000,000,690 | ---- | M] () -- C:\Users\Bill's Towing\Documents\Virus Removal Info.rtf
[2011/09/24 11:29:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/24 11:21:55 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/24 09:40:07 | 448,043,623 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/22 09:44:48 | 000,002,627 | ---- | M] () -- C:\Users\Bill's Towing\Desktop\Microsoft Office Word 2007.lnk
[2011/09/21 10:00:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/20 11:10:48 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/15 13:29:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/12 12:59:57 | 000,000,872 | ---- | M] () -- C:\Users\Bill's Towing\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/12 12:59:57 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 08:12:42 | 000,014,512 | ---- | M] () -- C:\Users\Bill's Towing\Documents\Bill's Towing AF WC Loss Runs.pdf
[2011/08/10 08:12:12 | 000,034,409 | ---- | M] () -- C:\Users\Bill's Towing\Documents\Bill's Towing IN Pkg-Auto Losses.pdf
[2011/08/05 11:24:34 | 000,000,288 | ---- | M] () -- C:\Users\Bill's Towing\AppData\Roaming\32ED2746.reg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/24 18:52:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/09/24 18:24:11 | 000,000,690 | ---- | C] () -- C:\Users\Bill's Towing\Documents\Virus Removal Info.rtf
[2011/09/24 16:17:04 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/24 11:21:55 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/20 11:10:48 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/20 11:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\1501442901
[2011/08/15 13:28:50 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/15 13:28:49 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/12 12:59:57 | 000,000,872 | ---- | C] () -- C:\Users\Bill's Towing\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/12 12:59:57 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/12 12:59:57 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 08:12:42 | 000,014,512 | ---- | C] () -- C:\Users\Bill's Towing\Documents\Bill's Towing AF WC Loss Runs.pdf
[2011/08/10 08:12:12 | 000,034,409 | ---- | C] () -- C:\Users\Bill's Towing\Documents\Bill's Towing IN Pkg-Auto Losses.pdf
[2011/08/05 11:24:34 | 000,000,288 | ---- | C] () -- C:\Users\Bill's Towing\AppData\Roaming\32ED2746.reg
[2011/08/04 11:52:44 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/07 13:53:59 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/20 14:38:30 | 000,026,340 | ---- | C] () -- C:\Users\Bill's Towing\AppData\Roaming\UserTile.png
[2010/08/19 16:34:31 | 000,000,040 | ---- | C] () -- C:\Users\Bill's Towing\AppData\Roaming\wklnhst.dat
[2010/06/14 09:22:10 | 000,160,876 | ---- | C] () -- C:\Windows\hpoins44.dat
[2009/09/18 09:50:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 09:50:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 09:50:18 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 05:30:02 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2009/02/04 04:04:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/30 18:59:50 | 000,000,680 | ---- | C] () -- C:\Users\Bill's Towing\AppData\Local\d3d9caps.dat
[2009/01/30 18:08:39 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/30 18:08:39 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/08/28 13:45:40 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/28 13:20:26 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/28 13:20:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,339,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 816 bytes -> C:\Windows\1501442901:2865529254.exe
< End of report >