Freezing and crashing


  • This topic is locked

#46
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jones082,

Are you using the paid version of AVAST? If not, we need to temporarily remove it (go to Control Panel > Add/Remove Programs and uninstall Avast). For alternative protection, download Microsoft Security Essentials and install it on the ailing machine.

Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    FF - prefs.js..network.proxy.no_proxies_on: "64.136.29.30,64.136.21.30,64.136.29.34,searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*.pogo.com,*.worldwinner.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,*photosite.com,*.dir.untd.com,localhost,127.0.0.1"
    DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\06043172.sys -- (06043172)
    DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\01592982.sys -- (01592982)
    DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\0604317.sys -- (setup_9.0.0.722_30.03.2011_02-21drv)
    DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\06043171.sys -- (06043171)
    DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\01592981.sys -- (01592981)
    DRV - [2011/03/29 16:27:13 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzm4odk1.sys -- (uzm4odk1)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0


#47
jones082

    Member

  • Topic Starter
  • Member
  • 253 posts
I uninstalled Avast.
I installed MSE, updated definitions, and it will not start. First it timed out, then it gave me an error message.
I will try to uninstall and re-install when I get home.
  • 0

#48
jones082

    Member

  • Topic Starter
  • Member
  • 253 posts
I tried 3 times.
I got MSE to update and it even did a quick scan and found nothing.
But I can't get it to turn on real time protection.
I get a time out error 0x800705b4.
Should I install another virus detector?
  • 0

#49
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Yes, we need to install protection.

Uninstall MSE, then download Avira (free version) and install it on the ailing computer.
  • 0

#50
jones082

    Member

  • Topic Starter
  • Member
  • 253 posts
Avira would not install. It says that it will only install on newer versions of Windows, not XP.

I reinstalled Avast, just to have something.

Edited by jones082, 30 March 2011 - 08:02 PM.

  • 0

#51
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

I reinstalled Avast, just to have something.

:D

Download and run Combofix from Bleepingcomputer and post the log in your next reply for review.
  • 0

#52
jones082

    Member

  • Topic Starter
  • Member
  • 253 posts
I will do that next.



Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

OTL logfile created on: 3/30/2011 7:03:21 PM - Run 8
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bill\Desktop\security
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 273.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.36 Gb Total Space | 88.99 Gb Free Space | 61.64% Space Free | Partition Type: NTFS
Drive D: | 4.68 Gb Total Space | 1.14 Gb Free Space | 24.42% Space Free | Partition Type: FAT32

Computer Name: YOUR-Xxxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/23 10:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/13 14:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\security\OTL.exe
PRC - [2011/02/23 08:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/08/26 19:40:20 | 000,282,624 | ---- | M] (Digital Networks North America, Inc.) -- C:\WINDOWS\system32\RioMSC.exe
PRC - [2003/06/11 08:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 14:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\security\OTL.exe
MOD - [2011/02/23 08:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/29 17:56:26 | 003,229,784 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/02/23 08:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/08/26 19:40:20 | 000,282,624 | ---- | M] (Digital Networks North America, Inc.) [Auto | Running] -- C:\WINDOWS\system32\RioMSC.exe -- (RioMSC)
SRV - [2003/06/11 08:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 07:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 07:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 07:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 07:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 07:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 07:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 07:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/26 18:25:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/02 18:08:01 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/02 18:08:01 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/05/23 14:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/06/02 20:38:36 | 000,018,025 | ---- | M] (Winbond Electronics Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wbusbbus.sys -- (WbUsbBus)
DRV - [2005/06/02 20:33:52 | 000,022,340 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wbusbscr.sys -- (wbusbscr)
DRV - [2004/01/29 10:07:00 | 000,796,064 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys -- (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16)
DRV - [2003/08/27 19:48:00 | 000,011,510 | ---- | M] (Winbond Electronics Corp.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wbusb.sys -- (WbUsb)
DRV - [2003/07/30 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/30 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/05/22 08:44:44 | 000,670,203 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2003/03/20 15:01:46 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "64.136.29.30,64.136.21.30,64.136.29.34,searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*.pogo.com,*.worldwinner.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,*photosite.com,*.dir.untd.com,localhost,127.0.0.1"


File not found (No name found) -- C:\PROGRAM FILES\NETSCAPE\NAVIGATOR 9\EXTENSIONS\{3EC9C995-8072-4FC0-953E-4F30620D17F3}

O1 HOSTS File: ([2011/03/30 08:24:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: jango.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.micr...b?1093135076296 (MSSecurityAdvisor Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.micr...ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa....in/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1118468142156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1118468013203 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} http://h36.e-tmm.com/bin/tol9inst.cab (Installer9Ctrl Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7919.2453587963 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} http://www.microsoft...ols/DoomCln.CAB (DoomCln Object)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} http://mail.lycos.co.../AttachMail.cab (LycosMail Upload Control)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/25 16:26:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 18:19:13 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/30 18:19:13 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/30 18:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/30 18:19:11 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/30 18:19:11 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/30 18:19:11 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/30 18:19:10 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/30 18:19:10 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/30 18:19:10 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/30 18:18:04 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/30 18:18:02 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/30 08:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/03/30 08:19:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/30 08:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\PCHealth
[2011/03/29 17:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/03/29 16:22:20 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0159298.sys
[2011/03/29 08:22:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bill\Recent
[2011/03/27 18:35:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/27 13:20:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/27 13:06:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/27 13:02:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/27 12:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/03/21 06:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2011/03/21 06:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/03/20 20:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/17 08:26:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/17 08:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/17 08:26:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/17 08:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/14 18:04:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/14 18:04:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/14 18:04:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/14 18:04:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/14 17:53:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/13 14:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Help
[2011/03/13 12:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavalys
[2011/03/12 18:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Auslogics
[2011/03/12 18:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/03/12 18:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/03/12 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/03/12 08:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/12 08:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/12 07:50:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/03/11 11:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed
[2011/03/11 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/03/08 15:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\ImgBurn
[2011/03/08 15:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/03/08 15:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/03/08 08:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011/03/03 20:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/02 19:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/02 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates
[2011/03/02 17:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Temp
[2006/07/15 02:27:38 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/03/30 19:12:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91AD3615-D7B6-4577-84DE-F0F77B97CE47}.job
[2011/03/30 18:35:21 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-531059437-3393555123-1363351605-1006UA.job
[2011/03/30 18:19:13 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/30 18:19:10 | 000,002,631 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/30 18:14:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 18:14:09 | 000,021,961 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/30 18:13:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 18:13:39 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 18:10:07 | 062,623,864 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\setup_av_free.exe
[2011/03/30 18:06:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/30 08:24:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/29 17:03:45 | 000,014,528 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\avptool_sysinfo.zip
[2011/03/28 09:00:15 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/28 09:00:14 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Google Chrome.lnk
[2011/03/27 13:06:30 | 000,000,396 | RHS- | M] () -- C:\Boot.ini
[2011/03/27 13:01:34 | 004,303,726 | R--- | M] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2011/03/27 12:26:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/27 12:26:34 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/25 19:10:34 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/03/24 15:35:05 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-531059437-3393555123-1363351605-1006Core.job
[2011/03/21 12:14:16 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\npd6.d
[2011/03/14 17:37:11 | 002,418,084 | ---- | M] () -- C:\MGtools.exe
[2011/03/14 17:33:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\defogger_reenable
[2011/03/08 15:41:00 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/06 12:19:12 | 004,816,641 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Vince Guaraldi Trio - Charlie Brown Slow.mp3
[2011/03/03 20:38:05 | 000,429,905 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110303-222229.backup

========== Files Created - No Company Name ==========

[2011/03/30 18:19:13 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/30 18:08:43 | 062,623,864 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\setup_av_free.exe
[2011/03/29 17:06:26 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/29 17:04:22 | 000,014,528 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\avptool_sysinfo.zip
[2011/03/27 13:06:30 | 000,000,279 | ---- | C] () -- C:\Boot.bak
[2011/03/25 19:10:28 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2011/03/21 06:42:30 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\npd6.d
[2011/03/14 18:04:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/14 18:04:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/14 18:04:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/14 18:04:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/14 18:04:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/14 17:37:18 | 002,418,084 | ---- | C] () -- C:\MGtools.exe
[2011/03/14 17:33:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\defogger_reenable
[2011/03/14 17:30:10 | 004,303,726 | R--- | C] () -- C:\Documents and Settings\Bill\Desktop\ComboFix.exe
[2011/03/08 15:40:59 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/08 08:17:52 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/06 12:18:12 | 004,816,641 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Vince Guaraldi Trio - Charlie Brown Slow.mp3
[2011/02/19 16:15:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Bill\Application Data\Sys2662.Config.Repository.bin
[2010/08/23 20:55:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\housecall.guid.cache
[2010/08/04 07:18:54 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2010/07/30 18:19:09 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Bill\Application Data\Sys6925.Config Collection.sys
[2010/07/30 18:19:09 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin
[2010/07/21 19:47:23 | 000,023,084 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/07/18 07:42:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/11 10:02:41 | 000,059,296 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/12 20:37:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\pdwindows20.bin
[2009/03/12 19:19:58 | 000,074,752 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2008/06/07 17:51:11 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\strings.exe
[2008/06/07 17:51:11 | 000,039,184 | ---- | C] () -- C:\WINDOWS\System32\Ntrights.exe
[2008/06/07 17:51:11 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/17 03:05:51 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007/03/12 01:00:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2006/11/12 16:56:36 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/24 02:36:39 | 002,768,896 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2006/10/24 02:36:39 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2006/10/24 02:36:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\PSConvert.exe
[2006/10/24 02:36:39 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\psparam.ini
[2006/09/12 15:24:09 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/04/12 23:28:45 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2006/04/12 23:28:18 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2006/04/10 02:17:53 | 000,329,216 | ---- | C] () -- C:\WINDOWS\System32\HTMLExpertLib.dll
[2006/04/10 02:17:53 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\UAFDLL.DLL
[2006/04/10 02:17:53 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\HTMLProcessors.dll
[2006/04/10 02:17:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\ScriptSyntaxMgr.dll
[2006/04/10 02:17:53 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\HTMLValidator.dll
[2006/04/10 02:17:52 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\HDPREV.DLL
[2006/04/10 02:17:52 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\ElementSyntaxMgr.dll
[2006/04/10 02:17:51 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\Crde96v3.dll
[2006/03/26 21:11:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/03/26 21:11:06 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2006/03/26 21:11:05 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\Inetwh16.dll
[2006/03/26 21:11:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\Sh33w32.dll
[2006/03/26 21:11:04 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\Setbrows.exe
[2006/03/26 21:10:12 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\ntl.ini
[2006/03/26 21:10:08 | 000,002,223 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\ntl.nws
[2006/03/24 05:41:33 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/24 05:41:03 | 000,014,191 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/30 13:34:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/11/29 02:33:09 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/11/29 01:19:31 | 000,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2005/09/20 03:59:52 | 000,069,320 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2005/09/20 03:59:52 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2005/08/03 01:25:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/08/03 01:17:49 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/07/28 19:34:45 | 000,000,702 | ---- | C] () -- C:\WINDOWS\GraphicsDesk.INI
[2005/07/01 02:00:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CALENDARPLUS.INI
[2005/05/23 00:05:49 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/05/21 00:08:50 | 000,005,603 | ---- | C] () -- C:\WINDOWS\1st-ftp.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/27 21:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 21:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/01 16:16:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/03/04 12:20:49 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/01/20 01:03:08 | 000,000,019 | ---- | C] () -- C:\WINDOWS\squotes.ini
[2004/12/01 19:14:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/10/22 12:51:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2004/10/13 17:24:03 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/01 17:33:46 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/08 14:52:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 22:58:47 | 000,000,603 | ---- | C] () -- C:\WINDOWS\etel5.ini
[2004/08/12 06:02:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2004/07/22 17:28:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/07/14 20:05:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/14 18:55:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/07/12 22:12:49 | 000,001,859 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/12 20:19:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/07/12 20:11:32 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/07/12 20:10:44 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/07/12 17:56:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/11 16:54:37 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/11 16:54:37 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\fusioncache.dat
[2004/01/25 11:43:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/12 01:54:00 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/11/12 01:54:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/07 12:59:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/03 17:43:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MSIFPCTL.exe
[2003/11/03 07:54:17 | 000,233,472 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.EXE
[2003/11/03 07:54:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2003/11/03 07:54:17 | 000,003,424 | ---- | C] () -- C:\WINDOWS\cmiainfo.sys
[2003/11/03 07:54:17 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/11/03 07:54:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/11/03 07:54:16 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/11/03 07:54:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/11/03 07:54:15 | 000,074,085 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2003/11/03 07:54:13 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/11/03 07:54:13 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/11/03 07:54:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/11/03 07:46:30 | 000,000,958 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/01 11:46:06 | 000,000,015 | ---- | C] () -- C:\WINDOWS\NASBA.ini
[2003/10/27 05:42:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/10/26 10:01:01 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2003/10/26 10:01:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2003/10/26 10:01:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2003/10/26 10:01:01 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2003/10/26 09:38:11 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/10/26 09:38:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/10/25 16:41:54 | 000,000,874 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/25 16:31:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/25 16:28:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/25 16:23:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/25 16:16:30 | 000,000,916 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/25 16:15:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2003/10/25 16:15:51 | 000,458,946 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/25 16:15:51 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/10/25 16:15:51 | 000,079,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/25 16:15:51 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/10/25 16:15:50 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/10/25 16:15:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/10/25 16:15:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/25 16:15:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/10/25 16:15:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/10/25 16:15:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/10/25 16:15:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/25 16:15:27 | 000,147,901 | ---- | C] () -- C:\WINDOWS\System32\mtxptlib.dll
[2003/10/25 09:20:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/25 09:20:17 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/12 11:40:22 | 000,029,184 | ---- | C] () -- C:\WINDOWS\rmud.exe
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2010/10/18 08:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/04/15 02:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2011/03/30 18:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/07/29 17:45:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/05/22 17:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/03/12 20:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iceni
[2011/03/14 17:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/03/21 20:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Filter
[2009/12/20 09:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/12 18:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Auslogics
[2007/08/30 23:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\BluesBegone001
[2007/12/03 17:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\eFax Messenger
[2010/07/20 17:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ElevatedDiagnostics
[2011/03/06 11:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\FrostWire
[2009/01/22 19:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ICAClient
[2011/03/08 15:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ImgBurn
[2011/02/19 17:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\LimeWire
[2007/12/18 15:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Netscape
[2009/07/02 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Opera
[2009/10/29 11:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\OverDrive
[2009/06/09 21:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\PC Registry Cleaner
[2010/08/27 16:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Philipp Winterberg
[2007/01/21 13:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Sereniti
[2010/07/25 15:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Stardock
[2009/08/01 16:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SystemRequirementsLab
[2004/07/11 21:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Template
[2011/02/19 17:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\WinPatrol
[2011/03/30 19:12:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{91AD3615-D7B6-4577-84DE-F0F77B97CE47}.job

========== Purity Check ==========



< End of report >

#53
jones082

    Member

  • Topic Starter
  • 253 posts
ComboFix 11-03-30.01 - Bill 03/30/2011 20:13:23.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.251 [GMT -7:00]
Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 01:19 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-31 01:19 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-31 01:19 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-31 01:19 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-31 01:19 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-31 01:19 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-31 01:19 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-31 01:19 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-31 01:18 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-31 01:18 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-30 15:51 . 2011-03-30 15:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-03-30 15:19 . 2011-03-30 15:19 -------- d-----w- C:\_OTL
2011-03-30 15:18 . 2011-03-30 15:18 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\PCHealth
2011-03-30 00:56 . 2011-03-31 03:08 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-29 23:22 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\0159298.sys
2011-03-27 19:21 . 2011-03-31 03:10 -------- d-----w- c:\windows\system32\CatRoot2
2011-03-21 13:42 . 2011-02-16 01:39 233472 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-03-21 13:42 . 2011-02-16 01:39 229376 ----a-w- c:\windows\system32\PuranDC.exe
2011-03-21 13:42 . 2011-02-16 01:39 1114112 ----a-w- c:\windows\system32\PuranFD.exe
2011-03-21 13:42 . 2011-02-16 01:39 108544 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-03-21 13:42 . 2009-12-31 21:02 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-03-21 13:42 . 2011-03-23 14:48 -------- d-----w- c:\program files\Puran Defrag
2011-03-21 03:19 . 2011-03-21 03:19 -------- d-----w- c:\program files\ESET
2011-03-17 15:26 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-17 15:26 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-17 15:26 . 2011-03-17 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 00:37 . 2011-03-15 00:37 2418084 ----a-w- C:\MGtools.exe
2011-03-13 21:03 . 2011-03-13 21:03 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Help
2011-03-13 01:26 . 2011-03-13 01:26 -------- d-----w- c:\documents and settings\Bill\Application Data\Auslogics
2011-03-13 01:25 . 2011-03-13 01:25 -------- d-----w- c:\program files\Auslogics
2011-03-13 00:16 . 2011-03-15 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-03-12 15:25 . 2011-03-31 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-12 15:25 . 2011-03-12 15:25 -------- d-----w- c:\program files\AVAST Software
2011-03-12 14:50 . 2011-03-12 14:50 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-11 18:04 . 2011-03-11 18:07 -------- d-----w- c:\program files\WhoCrashed
2011-03-08 22:53 . 2011-03-08 22:53 -------- d-----w- c:\documents and settings\Bill\Application Data\ImgBurn
2011-03-08 22:40 . 2011-03-08 22:40 -------- d-----w- c:\program files\ImgBurn
2011-03-08 15:20 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-08 15:07 . 2011-03-08 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2011-03-04 03:20 . 2011-03-06 22:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-03 02:35 . 2011-03-03 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-03 00:00 . 2011-03-28 01:35 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Temp
2011-03-02 14:32 . 2010-12-09 15:15 718336 -c--a-w- c:\windows\system32\dllcache\ntdll.dll
2011-03-02 14:32 . 2010-12-09 15:15 718336 ----a-w- c:\windows\system32\ntdll.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 23:15 . 2011-02-19 23:15 22 --sha-w- c:\documents and settings\Bill\Application Data\Sys2662.Config.Repository.bin
2011-02-09 13:53 . 2003-11-12 08:54 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-11-12 08:54 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2003-10-25 23:22 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2003-10-25 23:22 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-10-25 23:15 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-10-25 23:15 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2011-02-18 15:35 1854976 ----a-w- c:\windows\system32\win32k.sys
2006-07-15 09:27 . 2006-07-15 09:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"c:\documents and settings\Bill\Local Settings\Apps\2.0\06TZVVQ6.JXN\JY03NKBX.R20\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe"= c:\documents and settings\Bill\Local Settings\Apps\2.0\06TZVVQ6.JXN\JY03NKBX.R20\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:127.0.0.1/255.255.255.255:Enabled:The Filter: Windows Media Player plugin
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"123:TCP"= 123:TCP:time.windows.com
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/30/2011 6:19 PM 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/11/2009 10:44 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/25/2003 4:15 PM 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 WbUsbBus;Winbond USB Smart Card Controller;c:\windows\system32\drivers\wbusbbus.sys [11/6/2003 12:34 PM 18025]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
R3 wbusbscr;Winbond Smartcard Reader;c:\windows\system32\drivers\wbusbscr.sys [11/6/2003 12:34 PM 22340]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/30/2011 6:19 PM 371544]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/30/2011 6:19 PM 19544]
S2 WbUsb;Winbond Generic USB Controller;c:\windows\system32\drivers\wbusb.sys [11/3/2003 5:41 PM 11510]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 12872]
S3 utm4odk1;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utm4odk1.sys --> c:\windows\system32\Drivers\utm4odk1.sys [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/21/2011 6:42 AM 233472]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531059437-3393555123-1363351605-1006Core.job
- c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-28 03:20]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531059437-3393555123-1363351605-1006UA.job
- c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-28 03:20]
.
2011-03-31 c:\windows\Tasks\User_Feed_Synchronization-{91AD3615-D7B6-4577-84DE-F0F77B97CE47}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: jango.com\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-30 20:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\NETGEAR\WG111v3]
@DACL=(02 0000)
"CurrentProfile"="2\00No\00\12\00*&|l\12\00\00&|e\01\04s\00\12\00\14\00\00\00\01"
"ProfileNumber"=" 2\00|]\00|\04|\00\00\14\00\00\00\00\00(x\18\00\18\12\00\04|(x\18\00\00\00\00\00l\12"
"XPDialog"="Enable\00\00\00\00G\00\00\00\00\00\1b\00j\01\0f\00\14\000\00\00\00`\00\00\00\00\14\00\12\00\00\00\14"
"XPZeroConfig"="Disable\00\00\00G\00\00\00\00\00\1b\00j\01\0f\00\14\000\00\00\00`\00\00\00\00\14\00\12\00\00\00\14"
"Domain"="United States"
"RegionalDomainDialog"="Disable"
"FixedDeviceDescription"="Enable"
"UtilityNumber"="0"
"FirstRun"="No\00\12\00*&|l\12\00h\07\01\01\04s\00\12\00\14\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\08"
"WizardFirstRun"="Yes"
"WizardButton"="Yes"
"WizardIsRunning"="Disable\00\12\00\00\00\00\005\02\05\00\00\00\12\00\00\00\00\00\04\00\00\00\12\00j;Pw"
"FlashCount"="10"
"InternetConnectionDialog"="Enable\00G\00\18\00\00\00\12\00D\00\05\00\00\14\00\12\00\12\00\08H\00\00\00\00\0050G\00i0G"
"OptionsDialog"="Enable\00States\00S\00t\00a\00t\00e\00s\00\00\00\12\00\12\00G\00\18\00\00\00T\00\01\01\12"
"OptionsMenu"="Disable"
"AnimationWizard"="Enable"
"ProfileTabListCtrl1"="155"
"ProfileTabListCtrl2"="155"
"SitesurveyTabListCtrl1"="168\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"SitesurveyTabListCtrl2"="56\00\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"SitesurveyTabListCtrl3"="45\00\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"SitesurveyTabListCtrl4"="117\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"SitesurveyTabListCtrl5"="46\00\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"SitesurveyTabListCtrl6"="111\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"SitesurveyTabListCtrl7"="90\00\00\00\00(\12\008G\00\02\04\03\01\00\1d\10\00\00\06\00\00\00\00\00\00\00TK\00D\12\00>G\00\1d\10"
"Internetmessage"="Yes"
"Writeable"="No"
"FadeTime"="300"
"Alpha"="255"
"SProRun"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-03-30 20:30:28
ComboFix-quarantined-files.txt 2011-03-31 03:30
ComboFix2.txt 2011-03-17 04:32
ComboFix3.txt 2011-03-15 01:36
.
Pre-Run: 95,649,906,688 bytes free
Post-Run: 95,628,234,752 bytes free
.
- - End Of File - - 40F341A0FE006725817F7E4C6A63C7D9

#54
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jones082,

Nothing much in the logs. I am thinking of using System Restore to go back to when the machine was still working properly. But first we need to create a backup of the current registry using ERUNT as a failsafe.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will pop up when complete. Click OK to close.

Next

Restore the computer to an earlier point.

  • Click Start.
  • Point to All Programs.
  • Point to Accessories.
  • Point to System Tools.
  • Click System Restore.
  • Choose a restore date.
  • Follow the instructions on the wizard.

Tell me how it goes.

#55
jones082

    Member

  • Topic Starter
  • 253 posts
I tried that way back...it was no help. I went back to the furthest restore point that I had and the system ran no better. I then wiped out all the restore points and ran Malwarebytes, Avast, SUPERAntiSpyware, etc.

#56
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Jones082,

Not many other options. All that is left is the backup registry from when the system was first installed; yet if we use that, programs that were installed afterwards will no longer work and will need to be reinstalled (as will the drivers), though the hard disk contents, including all the saved documents and files, will remain intact, as opposed to a clean install.

Let me know if you want to go with this.

#57
jones082

    Member

  • Topic Starter
  • 253 posts
What do you think the situation is? Is the machine clear of viruses? Is it the registry that is the issue?
Could it be the problem that I've had in the past that certain drivers are conflicting with updates?

#58
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

What do you think the situation is? Is the machine clear of viruses? Is it the registry that is the issue?
Could it be the problem that I've had in the past that certain drivers are conflicting with updates?


Yes, the machine is, I believe, now free from viruses, but not without some damage being done to your system. Also, you are correct in your assessment that incompatible or poorly written drivers installed in the past can contribute to all this poor performance.

The fastest way to solve this is to back up all of your important files, then do a clean OS install. An alternative to this is to use the copy of the registry from when the machine was first installed, then proceed to install the correct drivers and reinstall your applications.

#59
jones082

    Member

  • Topic Starter
  • 253 posts
I'm afraid that is more than I can handle right now. I really appreciate your help and I wish we could've solved this, but I think I need to give up for a while. Maybe it's time for a new computer. Again, thank you for trying and for all the great troubleshooting.

#60
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.